Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2012-6708 (GCVE-0-2012-6708)
Vulnerability from cvelistv5
Published
2018-01-18 23:00
Modified
2024-08-06 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "102792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0395",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T15:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "102792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0395",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/npm:jquery:20120206",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"name": "https://bugs.jquery.com/ticket/11290",
"refsource": "MISC",
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "102792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102792"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6708",
"datePublished": "2018-01-18T23:00:00",
"dateReserved": "2018-01-18T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-6708\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-18T23:29:00.213\",\"lastModified\":\"2024-11-21T01:46:43.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.\"},{\"lang\":\"es\",\"value\":\"jQuery en versiones anteriores a la 1.9.0 es vulnerable a ataques de Cross-Site Scripting (XSS). La funci\u00f3n jQuery(strInput) no diferencia selectores de HTML de forma fiable. En las versiones vulnerables, jQuery determin\u00f3 si la entrada era HTML buscando el car\u00e1cter \\\"\u003c\\\" en cualquier lugar de la cadena, lo que facilita que los atacantes creen una carga \u00fatil maliciosa. En las versiones corregidas, jQuery solo considera que la entrada es HTML si empieza expl\u00edcitamente por el car\u00e1cter \\\"\u003c\\\", lo que limita la explotabilidad a solo los atacantes que puedan controlar el inicio de una cadena, lo que suele ser mucho menos com\u00fan.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.9.0\",\"matchCriteriaId\":\"50597E9B-36B7-489E-8011-FDCBE38EB396\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/102792\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.jquery.com/ticket/11290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://snyk.io/vuln/npm:jquery:20120206\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/102792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.jquery.com/ticket/11290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/npm:jquery:20120206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
cnvd-2018-02374
Vulnerability from cnvd
Title
jQuery跨站脚本漏洞(CNVD-2018-02374)
Description
jQuery是美国程序员John Resig所研发的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。
jQuery 1.9.0之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Severity
中
VLAI Severity ?
Patch Name
jQuery跨站脚本漏洞(CNVD-2018-02374)的补丁
Patch Description
jQuery是美国程序员John Resig所研发的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作,并具有模块化、插件扩展等特点。
jQuery 1.9.0之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://jquery.com/
Reference
https://bugs.jquery.com/ticket/11290
https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
https://snyk.io/vuln/npm:jquery:20120206
Impacted products
| Name | jQuery jQuery 1.4.2 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2012-6708"
}
},
"description": "jQuery\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458John Resig\u6240\u7814\u53d1\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8de8\u6d4f\u89c8\u5668\u7684JavaScript\u5e93\u3002\u8be5\u5e93\u7b80\u5316\u4e86HTML\u4e0eJavaScript\u4e4b\u95f4\u7684\u64cd\u4f5c\uff0c\u5e76\u5177\u6709\u6a21\u5757\u5316\u3001\u63d2\u4ef6\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\njQuery 1.9.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
"discovererName": "unknown",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://jquery.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-02374",
"openTime": "2018-01-31",
"patchDescription": "jQuery\u662f\u7f8e\u56fd\u7a0b\u5e8f\u5458John Resig\u6240\u7814\u53d1\u7684\u4e00\u5957\u5f00\u6e90\u3001\u8de8\u6d4f\u89c8\u5668\u7684JavaScript\u5e93\u3002\u8be5\u5e93\u7b80\u5316\u4e86HTML\u4e0eJavaScript\u4e4b\u95f4\u7684\u64cd\u4f5c\uff0c\u5e76\u5177\u6709\u6a21\u5757\u5316\u3001\u63d2\u4ef6\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\njQuery 1.9.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "jQuery\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2018-02374\uff09\u7684\u8865\u4e01",
"products": {
"product": "jQuery jQuery 1.4.2"
},
"referenceLink": "https://bugs.jquery.com/ticket/11290\r\nhttps://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d\r\nhttps://snyk.io/vuln/npm:jquery:20120206",
"serverity": "\u4e2d",
"submitTime": "2018-01-23",
"title": "jQuery\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2018-02374\uff09"
}
icsa-22-097-01
Vulnerability from csaf_cisa
Published
2022-04-07 00:00
Modified
2022-04-07 00:00
Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8.CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7.CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method.CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string.CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer.CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9.CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response.CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a Cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript.CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
ICSA-22-097-01
Vulnerability from csaf_cisa
Published
2022-04-07 00:00
Modified
2022-04-07 00:00
Summary
Pepperl+Fuchs WirelessHART-Gateway
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating these vulnerabilities with Pepperl+Fuchs"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may result in a denial-of-service condition, code execution, and code exposure.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-097-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-097-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-097-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Pepperl+Fuchs WirelessHART-Gateway",
"tracking": {
"current_release_date": "2022-04-07T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-097-01",
"initial_release_date": "2022-04-07T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-07T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-097-01 Pepperl+Fuchs WirelessHART-Gateway"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7 | 3.0.8 | 3.0.9",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP: Versions 3.0.7 3.0.8 3.0.9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The affected product allows active SSH and telnet services with hard-coded credentials.CVE-2021-34565 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34565"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "jQuery 3.0.0-rc.1 is vulnerable to a denial-of-service condition due to removing a logic a lowercased attribute names. Any attribute using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.CVE-2016-10707 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10707"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "summary",
"text": "If the application is not externally accessible or uses IP-based access restrictions, attackers can use DNS rebinding to bypass any IP or firewall-based access restrictions by proxying through their target\u0027s browser. This vulnerability only affects Versions 3.0.7 through 3.0.8.CVE-2021-34561 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34561"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability only affects Version 3.0.7.CVE-2021-33555 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery Version 1.4.2 allows remote attackers to conduct cross-site scripting attacks via vectors related to use of the text method.CVE-2014-6071 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6071"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 are vulnerable to cross-site scripting attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to deliver a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string.CVE-2012-6708 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.0.0 are vulnerable to cross-site scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.0.3 and 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In jQuery versions between 1.2 and 3.5.0, passing HTML from untrusted sources (even after sanitizing it) to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This vulnerability is patched in jQuery 3.5.0.CVE-2020-11022 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 3.4.0, as used in specific products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.CVE-2019-11358 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.9.0 allow cross-site scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.CVE-2020-7656 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7656"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The affected product contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer.CVE-2021-34560 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34560"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "summary",
"text": "Cookie stealing vulnerabilities within the application or browser allow an attacker to steal the user\u0027s credentials in Version 3.0.9.CVE-2021-34564 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34564"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.7 through 3.0.8 have a vulnerability that may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.CVE-2021-34559 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Version 3.0.8, it is possible to inject arbitrary JavaScript into the application\u0027s response.CVE-2021-34562 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34562"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The jQuery framework exchanges data using JavaScript object notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"CVE-2007-2379 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery versions prior to 1.6.3 contain a Cross-site scripting (XSS) vulnerability, which when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.CVE-2011-4969 has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "In the affected product, Versions 3.0.8 and 3.0.9, the HttpOnly attribute is not set on a cookie, which allows the cookie\u0027s value to be read or set by client-side JavaScript.CVE-2021-34563 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34563"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2013-0169",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue.CVE-2013-0169 has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Minimize network exposure for affected products and ensure they are not accessible via the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Isolate affected products from the corporate network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "If remote access is required, use secure methods such as virtual private networks (VPNs).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "See CERT@VDE\u0027s advisory VDE-2021-027 for more information",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-027/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
fkie_cve-2012-6708
Vulnerability from fkie_nvd
Published
2018-01-18 23:29
Modified
2024-11-21 01:46
Severity ?
Summary
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/102792 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.jquery.com/ticket/11290 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d | Patch, Third Party Advisory | |
| cve@mitre.org | https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| cve@mitre.org | https://snyk.io/vuln/npm:jquery:20120206 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102792 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.jquery.com/ticket/11290 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/npm:jquery:20120206 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50597E9B-36B7-489E-8011-FDCBE38EB396",
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
},
{
"lang": "es",
"value": "jQuery en versiones anteriores a la 1.9.0 es vulnerable a ataques de Cross-Site Scripting (XSS). La funci\u00f3n jQuery(strInput) no diferencia selectores de HTML de forma fiable. En las versiones vulnerables, jQuery determin\u00f3 si la entrada era HTML buscando el car\u00e1cter \"\u003c\" en cualquier lugar de la cadena, lo que facilita que los atacantes creen una carga \u00fatil maliciosa. En las versiones corregidas, jQuery solo considera que la entrada es HTML si empieza expl\u00edcitamente por el car\u00e1cter \"\u003c\", lo que limita la explotabilidad a solo los atacantes que puedan controlar el inicio de una cadena, lo que suele ser mucho menos com\u00fan."
}
],
"id": "CVE-2012-6708",
"lastModified": "2024-11-21T01:46:43.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-18T23:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102792"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20120206"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
msrc_cve-2012-6708
Vulnerability from csaf_microsoft
Published
2018-01-02 00:00
Modified
2025-05-27 00:00
Summary
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character limiting exploitability only to attackers who can control the beginning of a string which is far less common. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2012-6708.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character limiting exploitability only to attackers who can control the beginning of a string which is far less common.",
"tracking": {
"current_release_date": "2025-05-27T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:16:36.678Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2012-6708",
"initial_release_date": "2018-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-02-03T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-04T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-05T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-07T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-08T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-09T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-10T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-11T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-12T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-13T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-14T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-15T00:00:00.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-16T00:00:00.000Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-17T00:00:00.000Z",
"legacy_version": "2.4",
"number": "15",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-18T00:00:00.000Z",
"legacy_version": "2.5",
"number": "16",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-19T00:00:00.000Z",
"legacy_version": "2.6",
"number": "17",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-20T00:00:00.000Z",
"legacy_version": "2.7",
"number": "18",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-21T00:00:00.000Z",
"legacy_version": "2.8",
"number": "19",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-22T00:00:00.000Z",
"legacy_version": "2.9",
"number": "20",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-23T00:00:00.000Z",
"legacy_version": "3",
"number": "21",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-24T00:00:00.000Z",
"legacy_version": "3.1",
"number": "22",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-25T00:00:00.000Z",
"legacy_version": "3.2",
"number": "23",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-26T00:00:00.000Z",
"legacy_version": "3.3",
"number": "24",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-27T00:00:00.000Z",
"legacy_version": "3.4",
"number": "25",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-02-28T00:00:00.000Z",
"legacy_version": "3.5",
"number": "26",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-01T00:00:00.000Z",
"legacy_version": "3.6",
"number": "27",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-02T00:00:00.000Z",
"legacy_version": "3.7",
"number": "28",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-03T00:00:00.000Z",
"legacy_version": "3.8",
"number": "29",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-04T00:00:00.000Z",
"legacy_version": "3.9",
"number": "30",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-05T00:00:00.000Z",
"legacy_version": "4",
"number": "31",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-06T00:00:00.000Z",
"legacy_version": "4.1",
"number": "32",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-08T00:00:00.000Z",
"legacy_version": "4.2",
"number": "33",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-09T00:00:00.000Z",
"legacy_version": "4.3",
"number": "34",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-10T00:00:00.000Z",
"legacy_version": "4.4",
"number": "35",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-11T00:00:00.000Z",
"legacy_version": "4.5",
"number": "36",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-12T00:00:00.000Z",
"legacy_version": "4.6",
"number": "37",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-13T00:00:00.000Z",
"legacy_version": "4.7",
"number": "38",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-14T00:00:00.000Z",
"legacy_version": "4.8",
"number": "39",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-15T00:00:00.000Z",
"legacy_version": "4.9",
"number": "40",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-16T00:00:00.000Z",
"legacy_version": "5",
"number": "41",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-17T00:00:00.000Z",
"legacy_version": "5.1",
"number": "42",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-18T00:00:00.000Z",
"legacy_version": "5.2",
"number": "43",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-19T00:00:00.000Z",
"legacy_version": "5.3",
"number": "44",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-20T00:00:00.000Z",
"legacy_version": "5.4",
"number": "45",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-21T00:00:00.000Z",
"legacy_version": "5.5",
"number": "46",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-22T00:00:00.000Z",
"legacy_version": "5.6",
"number": "47",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-23T00:00:00.000Z",
"legacy_version": "5.7",
"number": "48",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-24T00:00:00.000Z",
"legacy_version": "5.8",
"number": "49",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-25T00:00:00.000Z",
"legacy_version": "5.9",
"number": "50",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-26T00:00:00.000Z",
"legacy_version": "6",
"number": "51",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-27T00:00:00.000Z",
"legacy_version": "6.1",
"number": "52",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-28T00:00:00.000Z",
"legacy_version": "6.2",
"number": "53",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-29T00:00:00.000Z",
"legacy_version": "6.3",
"number": "54",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-30T00:00:00.000Z",
"legacy_version": "6.4",
"number": "55",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-03-31T00:00:00.000Z",
"legacy_version": "6.5",
"number": "56",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-01T00:00:00.000Z",
"legacy_version": "6.6",
"number": "57",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-03T00:00:00.000Z",
"legacy_version": "6.7",
"number": "58",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-04T00:00:00.000Z",
"legacy_version": "6.8",
"number": "59",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-05T00:00:00.000Z",
"legacy_version": "6.9",
"number": "60",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-06T00:00:00.000Z",
"legacy_version": "7",
"number": "61",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-07T00:00:00.000Z",
"legacy_version": "7.1",
"number": "62",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-08T00:00:00.000Z",
"legacy_version": "7.2",
"number": "63",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-09T00:00:00.000Z",
"legacy_version": "7.3",
"number": "64",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-11T00:00:00.000Z",
"legacy_version": "7.4",
"number": "65",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-12T00:00:00.000Z",
"legacy_version": "7.5",
"number": "66",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-13T00:00:00.000Z",
"legacy_version": "7.6",
"number": "67",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-14T00:00:00.000Z",
"legacy_version": "7.7",
"number": "68",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-15T00:00:00.000Z",
"legacy_version": "7.8",
"number": "69",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-16T00:00:00.000Z",
"legacy_version": "7.9",
"number": "70",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-17T00:00:00.000Z",
"legacy_version": "8",
"number": "71",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-18T00:00:00.000Z",
"legacy_version": "8.1",
"number": "72",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-19T00:00:00.000Z",
"legacy_version": "8.2",
"number": "73",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-20T00:00:00.000Z",
"legacy_version": "8.3",
"number": "74",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-21T00:00:00.000Z",
"legacy_version": "8.4",
"number": "75",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-22T00:00:00.000Z",
"legacy_version": "8.5",
"number": "76",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-23T00:00:00.000Z",
"legacy_version": "8.6",
"number": "77",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-24T00:00:00.000Z",
"legacy_version": "8.7",
"number": "78",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-25T00:00:00.000Z",
"legacy_version": "8.8",
"number": "79",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-26T00:00:00.000Z",
"legacy_version": "8.9",
"number": "80",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-28T00:00:00.000Z",
"legacy_version": "9",
"number": "81",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-29T00:00:00.000Z",
"legacy_version": "9.1",
"number": "82",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-04-30T00:00:00.000Z",
"legacy_version": "9.2",
"number": "83",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-01T00:00:00.000Z",
"legacy_version": "9.3",
"number": "84",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-02T00:00:00.000Z",
"legacy_version": "9.4",
"number": "85",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-03T00:00:00.000Z",
"legacy_version": "9.5",
"number": "86",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-04T00:00:00.000Z",
"legacy_version": "9.6",
"number": "87",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-05T00:00:00.000Z",
"legacy_version": "9.7",
"number": "88",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-06T00:00:00.000Z",
"legacy_version": "9.8",
"number": "89",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-07T00:00:00.000Z",
"legacy_version": "9.9",
"number": "90",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-08T00:00:00.000Z",
"legacy_version": "1",
"number": "91",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-09T00:00:00.000Z",
"legacy_version": "10.1",
"number": "92",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-10T00:00:00.000Z",
"legacy_version": "10.2",
"number": "93",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-11T00:00:00.000Z",
"legacy_version": "10.3",
"number": "94",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-12T00:00:00.000Z",
"legacy_version": "10.4",
"number": "95",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-13T00:00:00.000Z",
"legacy_version": "10.5",
"number": "96",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-14T00:00:00.000Z",
"legacy_version": "10.6",
"number": "97",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-15T00:00:00.000Z",
"legacy_version": "10.7",
"number": "98",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-16T00:00:00.000Z",
"legacy_version": "10.8",
"number": "99",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-17T00:00:00.000Z",
"legacy_version": "10.9",
"number": "100",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-18T00:00:00.000Z",
"legacy_version": "11",
"number": "101",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-19T00:00:00.000Z",
"legacy_version": "11.1",
"number": "102",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-20T00:00:00.000Z",
"legacy_version": "11.2",
"number": "103",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-21T00:00:00.000Z",
"legacy_version": "11.3",
"number": "104",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-22T00:00:00.000Z",
"legacy_version": "11.4",
"number": "105",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-23T00:00:00.000Z",
"legacy_version": "11.5",
"number": "106",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-24T00:00:00.000Z",
"legacy_version": "11.6",
"number": "107",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-25T00:00:00.000Z",
"legacy_version": "11.7",
"number": "108",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-26T00:00:00.000Z",
"legacy_version": "11.8",
"number": "109",
"summary": "Added slf4j to Azure Linux 3.0"
},
{
"date": "2025-05-27T00:00:00.000Z",
"legacy_version": "11.9",
"number": "110",
"summary": "Added slf4j to Azure Linux 3.0"
}
],
"status": "final",
"version": "110"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 slf4j 2.0.7-1",
"product": {
"name": "\u003cazl3 slf4j 2.0.7-1",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 slf4j 2.0.7-1",
"product": {
"name": "azl3 slf4j 2.0.7-1",
"product_id": "16853"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 slf4j 1.7.30-6",
"product": {
"name": "\u003cazl3 slf4j 1.7.30-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 slf4j 1.7.30-6",
"product": {
"name": "azl3 slf4j 1.7.30-6",
"product_id": "20150"
}
}
],
"category": "product_name",
"name": "slf4j"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-blinker 1.7.0-4",
"product": {
"name": "\u003cazl3 python-blinker 1.7.0-4",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "azl3 python-blinker 1.7.0-4",
"product": {
"name": "azl3 python-blinker 1.7.0-4",
"product_id": "16854"
}
}
],
"category": "product_name",
"name": "python-blinker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 ceph 18.2.2-1",
"product": {
"name": "\u003cazl3 ceph 18.2.2-1",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 ceph 18.2.2-1",
"product": {
"name": "azl3 ceph 18.2.2-1",
"product_id": "16855"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 ceph 18.2.2-8",
"product": {
"name": "\u003cazl3 ceph 18.2.2-8",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "azl3 ceph 18.2.2-8",
"product": {
"name": "azl3 ceph 18.2.2-8",
"product_id": "19666"
}
}
],
"category": "product_name",
"name": "ceph"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 scons 4.6.0-1",
"product": {
"name": "azl3 scons 4.6.0-1",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "scons"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 fontawesome4-fonts 4.7.0-12",
"product": {
"name": "azl3 fontawesome4-fonts 4.7.0-12",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "fontawesome4-fonts"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 javapackages-bootstrap 1.14.0-2",
"product": {
"name": "azl3 javapackages-bootstrap 1.14.0-2",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "javapackages-bootstrap"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 boost 1.83.0-2",
"product": {
"name": "azl3 boost 1.83.0-2",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "boost"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "azl3 mozjs 102.15.1-1",
"product": {
"name": "azl3 mozjs 102.15.1-1",
"product_id": "11"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.75.0-14",
"product": {
"name": "azl3 rust 1.75.0-14",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "azl3 rust 1.86.0-1",
"product": {
"name": "azl3 rust 1.86.0-1",
"product_id": "7"
}
},
{
"category": "product_name",
"name": "azl3 cal10n 0.8.1.10-1",
"product": {
"name": "azl3 cal10n 0.8.1.10-1",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 slf4j 2.0.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 slf4j 2.0.7-1 as a component of Azure Linux 3.0",
"product_id": "16853-17084"
},
"product_reference": "16853",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-blinker 1.7.0-4 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-blinker 1.7.0-4 as a component of Azure Linux 3.0",
"product_id": "16854-17084"
},
"product_reference": "16854",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 ceph 18.2.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ceph 18.2.2-1 as a component of Azure Linux 3.0",
"product_id": "16855-17084"
},
"product_reference": "16855",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 scons 4.6.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.75.0-14 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.86.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 ceph 18.2.2-8 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ceph 18.2.2-8 as a component of Azure Linux 3.0",
"product_id": "19666-17084"
},
"product_reference": "19666",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cal10n 0.8.1.10-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 fontawesome4-fonts 4.7.0-12 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 javapackages-bootstrap 1.14.0-2 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 boost 1.83.0-2 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 slf4j 1.7.30-6 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 slf4j 1.7.30-6 as a component of Azure Linux 3.0",
"product_id": "20150-17084"
},
"product_reference": "20150",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-6",
"17084-11",
"17084-8",
"17084-7",
"17084-2"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16853-17084",
"16854-17084",
"16855-17084",
"19666-17084",
"20150-17084"
],
"known_affected": [
"17084-14",
"17084-13",
"17084-12",
"17084-3",
"17084-9",
"17084-5",
"17084-10",
"17084-4",
"17084-1"
],
"known_not_affected": [
"17084-6",
"17084-11",
"17084-8",
"17084-7",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character limiting exploitability only to attackers who can control the beginning of a string which is far less common. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2012-6708.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "2.0.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "1.7.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-09-11T00:00:00.000Z",
"details": "18.2.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-12",
"17084-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17084-14",
"17084-13",
"17084-12",
"17084-3",
"17084-9",
"17084-5",
"17084-10",
"17084-4",
"17084-1"
]
}
],
"title": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character limiting exploitability only to attackers who can control the beginning of a string which is far less common."
}
]
}
CERTFR-2024-AVI-0506
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP8 IF03 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2023-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-50961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2023-50960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2023-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3758"
},
{
"name": "CVE-2023-40546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2023-40548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
},
{
"name": "CVE-2023-40549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
},
{
"name": "CVE-2023-40550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
},
{
"name": "CVE-2023-40551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
},
{
"name": "CVE-2001-1267",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1267"
},
{
"name": "CVE-2024-28784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28784"
}
],
"initial_release_date": "2024-06-19T00:00:00",
"last_revision_date": "2024-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82681",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03"
}
]
}
CERTFR-2023-AVI-0250
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une injection de code indirecte à distance (XSS), une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.0 UPx antérieures à 7.5.0 UP5 | ||
| IBM | WebSphere | IBM WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.5 incluant le correctif de sécurité PH53340 | ||
| IBM | WebSphere | IBM WebSphere Application Server versions 9.0.x antérieures à 9.0.5.14 incluant le correctif de sécurité PH52925 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 FPx antérieures à 7.4.3 FP9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5.0 UPx ant\u00e9rieures \u00e0 7.5.0 UP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.5 incluant le correctif de s\u00e9curit\u00e9 PH53340",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.14 incluant le correctif de s\u00e9curit\u00e9 PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 FPx ant\u00e9rieures \u00e0 7.4.3 FP9",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-26283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
},
{
"name": "CVE-2018-15494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15494"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-43863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43863"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2023-03-22T00:00:00",
"last_revision_date": "2023-03-22T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0250",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une injection de code\nindirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964836 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964836"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964844 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964844"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6964862 du 21 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6964862"
}
]
}
CERTFR-2022-AVI-928
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Pulse App versions antérieures à 2.2.9 | ||
| IBM | N/A | CP4BA version 22.0.1 sans le correctif de sécurité CP4BA 22.0.1-IF2 | ||
| IBM | Cloud Pak | IBM Robotic Process Automation pour Cloud Pak versions antérieures à 21.0.5 | ||
| IBM | N/A | IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de sécurité CMIS 3.0.6-IF2 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.3 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP6 | ||
| IBM | N/A | CP4BA version 21.0.3 sans le correctif de sécurité CP4BA 21.0.3-IF12 | ||
| IBM | N/A | Enterprise Content Management System Monitor (ESM) versions 5.5.x antérieures à 5.5.9 | ||
| IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics version 4.1.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 22.0.1 sans le correctif de s\u00e9curit\u00e9 CP4BA 22.0.1-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Robotic Process Automation pour Cloud Pak versions ant\u00e9rieures \u00e0 21.0.5",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM ECM CMIS et FileNet Collaboration Services version 3.0.6 sans le correctif de s\u00e9curit\u00e9 CMIS 3.0.6-IF2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "CP4BA version 21.0.3 sans le correctif de s\u00e9curit\u00e9 CP4BA 21.0.3-IF12",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Enterprise Content Management System Monitor (ESM) versions 5.5.x ant\u00e9rieures \u00e0 5.5.9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics version 4.1.8",
"product": {
"name": "QRadar User Behavior Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2018-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2020-7788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2021-34538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34538"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2020-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4051"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2018-25031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"name": "CVE-2019-1010266",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010266"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-15523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15523"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2022-34339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34339"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2018-16487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16487"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2018-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20406"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2022-24758",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24758"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2022-10-19T00:00:00",
"last_revision_date": "2022-10-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-928",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830211 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830211"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830243 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830243"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6828527 du 17 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6828527"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830257 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830265 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830265"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6830017 du 18 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6830017"
}
]
}
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2012-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0881"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2023-42795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2023-42794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
}
],
"initial_release_date": "2024-04-12T00:00:00",
"last_revision_date": "2024-04-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0305",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147813"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148062"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147943"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147727"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147728"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147944"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147726"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7147812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024",
"url": "https://www.ibm.com/support/pages/node/7148063"
}
]
}
CERTFR-2019-AVI-163
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiSwitch | FortiSwitch versions 6.0.0 à 6.0.1 | ||
| Fortinet | N/A | FortiAP-S versions FAP_S221E et FAP_S223E | ||
| Fortinet | N/A | FortiAP-W2 versions FAP_221E (Gen1/Gen2), FAP_222E et FAP_223E (Gen1/Gen2) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 3.6.8 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiSwitch versions 6.0.0 \u00e0 6.0.1",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-S versions FAP_S221E et FAP_S223E",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions FAP_221E (Gen1/Gen2), FAP_222E et FAP_223E (Gen1/Gen2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 3.6.8 et ant\u00e9rieures",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16986",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16986"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
}
],
"initial_release_date": "2019-04-11T00:00:00",
"last_revision_date": "2019-04-11T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-163",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-013 du 10 avril 2019",
"url": "https://fortiguard.com/psirt/FG-IR-18-013"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-356 du 10 avril 2019",
"url": "https://fortiguard.com/psirt/FG-IR-18-356"
}
]
}
suse-su-2020:0737-1
Vulnerability from csaf_suse
Published
2020-03-20 12:47
Modified
2020-03-20 12:47
Summary
Recommended update for ruby2.5
Notes
Title of the patch
Recommended update for ruby2.5
Description of the patch
This update for ruby2.5 toversion 2.5.7 fixes the following issues:
ruby 2.5 was updated to version 2.5.7
- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and
Shell#test (bsc#1152990).
- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and
File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick
Digest access authentication (bsc#1152995).
- CVE-2012-6708: Fixed an XSS in JQuery
- CVE-2015-9251: Fixed an XSS in JQuery
- Fixed unit tests (bsc#1140844)
- Removed some unneeded test files (bsc#1162396).
Patchnames
SUSE-2020-737,SUSE-SLE-Module-Basesystem-15-SP1-2020-737,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-737,SUSE-SLE-Product-HPC-15-2020-737,SUSE-SLE-Product-SLES-15-2020-737,SUSE-SLE-Product-SLES_SAP-15-2020-737
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for ruby2.5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ruby2.5 toversion 2.5.7 fixes the following issues:\n\t \nruby 2.5 was updated to version 2.5.7 \n\n- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).\n- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and \n Shell#test (bsc#1152990).\n- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).\n- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and \n File.fnmatch? (bsc#1152994).\n- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick \n Digest access authentication (bsc#1152995).\n- CVE-2012-6708: Fixed an XSS in JQuery\n- CVE-2015-9251: Fixed an XSS in JQuery\n- Fixed unit tests (bsc#1140844)\n- Removed some unneeded test files (bsc#1162396).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-737,SUSE-SLE-Module-Basesystem-15-SP1-2020-737,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-737,SUSE-SLE-Product-HPC-15-2020-737,SUSE-SLE-Product-SLES-15-2020-737,SUSE-SLE-Product-SLES_SAP-15-2020-737",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0737-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0737-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200737-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0737-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-March/006630.html"
},
{
"category": "self",
"summary": "SUSE Bug 1140844",
"url": "https://bugzilla.suse.com/1140844"
},
{
"category": "self",
"summary": "SUSE Bug 1152990",
"url": "https://bugzilla.suse.com/1152990"
},
{
"category": "self",
"summary": "SUSE Bug 1152992",
"url": "https://bugzilla.suse.com/1152992"
},
{
"category": "self",
"summary": "SUSE Bug 1152994",
"url": "https://bugzilla.suse.com/1152994"
},
{
"category": "self",
"summary": "SUSE Bug 1152995",
"url": "https://bugzilla.suse.com/1152995"
},
{
"category": "self",
"summary": "SUSE Bug 1162396",
"url": "https://bugzilla.suse.com/1162396"
},
{
"category": "self",
"summary": "SUSE Bug 1164804",
"url": "https://bugzilla.suse.com/1164804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6708 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-9251 page",
"url": "https://www.suse.com/security/cve/CVE-2015-9251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15845 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16254 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16255 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8130 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8130/"
}
],
"title": "Recommended update for ruby2.5",
"tracking": {
"current_release_date": "2020-03-20T12:47:31Z",
"generator": {
"date": "2020-03-20T12:47:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0737-1",
"initial_release_date": "2020-03-20T12:47:31Z",
"revision_history": [
{
"date": "2020-03-20T12:47:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"product": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"product_id": "libruby2_5-2_5-2.5.7-4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-4.8.1.aarch64",
"product": {
"name": "ruby2.5-2.5.7-4.8.1.aarch64",
"product_id": "ruby2.5-2.5.7-4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"product": {
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"product_id": "ruby2.5-devel-2.5.7-4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"product_id": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-4.8.1.aarch64",
"product": {
"name": "ruby2.5-doc-2.5.7-4.8.1.aarch64",
"product_id": "ruby2.5-doc-2.5.7-4.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"product": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"product_id": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-4.8.1.i586",
"product": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.i586",
"product_id": "libruby2_5-2_5-2.5.7-4.8.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-4.8.1.i586",
"product": {
"name": "ruby2.5-2.5.7-4.8.1.i586",
"product_id": "ruby2.5-2.5.7-4.8.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-4.8.1.i586",
"product": {
"name": "ruby2.5-devel-2.5.7-4.8.1.i586",
"product_id": "ruby2.5-devel-2.5.7-4.8.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.i586",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.i586",
"product_id": "ruby2.5-devel-extra-2.5.7-4.8.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-4.8.1.i586",
"product": {
"name": "ruby2.5-doc-2.5.7-4.8.1.i586",
"product_id": "ruby2.5-doc-2.5.7-4.8.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-4.8.1.i586",
"product": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.i586",
"product_id": "ruby2.5-stdlib-2.5.7-4.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-doc-ri-2.5.7-4.8.1.noarch",
"product": {
"name": "ruby2.5-doc-ri-2.5.7-4.8.1.noarch",
"product_id": "ruby2.5-doc-ri-2.5.7-4.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"product": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"product_id": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-4.8.1.ppc64le",
"product": {
"name": "ruby2.5-2.5.7-4.8.1.ppc64le",
"product_id": "ruby2.5-2.5.7-4.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"product": {
"name": "ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"product_id": "ruby2.5-devel-2.5.7-4.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"product_id": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-4.8.1.ppc64le",
"product": {
"name": "ruby2.5-doc-2.5.7-4.8.1.ppc64le",
"product_id": "ruby2.5-doc-2.5.7-4.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"product": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"product_id": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-4.8.1.s390x",
"product": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.s390x",
"product_id": "libruby2_5-2_5-2.5.7-4.8.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-4.8.1.s390x",
"product": {
"name": "ruby2.5-2.5.7-4.8.1.s390x",
"product_id": "ruby2.5-2.5.7-4.8.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-4.8.1.s390x",
"product": {
"name": "ruby2.5-devel-2.5.7-4.8.1.s390x",
"product_id": "ruby2.5-devel-2.5.7-4.8.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"product_id": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-4.8.1.s390x",
"product": {
"name": "ruby2.5-doc-2.5.7-4.8.1.s390x",
"product_id": "ruby2.5-doc-2.5.7-4.8.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"product": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"product_id": "ruby2.5-stdlib-2.5.7-4.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"product": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"product_id": "libruby2_5-2_5-2.5.7-4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-4.8.1.x86_64",
"product": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64",
"product_id": "ruby2.5-2.5.7-4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"product": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"product_id": "ruby2.5-devel-2.5.7-4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"product_id": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-4.8.1.x86_64",
"product": {
"name": "ruby2.5-doc-2.5.7-4.8.1.x86_64",
"product_id": "ruby2.5-doc-2.5.7-4.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"product": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"product_id": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6708"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6708",
"url": "https://www.suse.com/security/cve/CVE-2012-6708"
},
{
"category": "external",
"summary": "SUSE Bug 1111661 for CVE-2012-6708",
"url": "https://bugzilla.suse.com/1111661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2012-6708"
},
{
"cve": "CVE-2015-9251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-9251"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-9251",
"url": "https://www.suse.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "SUSE Bug 1099458 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1099458"
},
{
"category": "external",
"summary": "SUSE Bug 1100133 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1100133"
},
{
"category": "external",
"summary": "SUSE Bug 1111660 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1111660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "critical"
}
],
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2019-15845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15845"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15845",
"url": "https://www.suse.com/security/cve/CVE-2019-15845"
},
{
"category": "external",
"summary": "SUSE Bug 1152994 for CVE-2019-15845",
"url": "https://bugzilla.suse.com/1152994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-15845"
},
{
"cve": "CVE-2019-16201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16201"
}
],
"notes": [
{
"category": "general",
"text": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16201",
"url": "https://www.suse.com/security/cve/CVE-2019-16201"
},
{
"category": "external",
"summary": "SUSE Bug 1152995 for CVE-2019-16201",
"url": "https://bugzilla.suse.com/1152995"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-16201"
},
{
"cve": "CVE-2019-16254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16254"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16254",
"url": "https://www.suse.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "SUSE Bug 1152992 for CVE-2019-16254",
"url": "https://bugzilla.suse.com/1152992"
},
{
"category": "external",
"summary": "SUSE Bug 1165402 for CVE-2019-16254",
"url": "https://bugzilla.suse.com/1165402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-16254"
},
{
"cve": "CVE-2019-16255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16255"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16255",
"url": "https://www.suse.com/security/cve/CVE-2019-16255"
},
{
"category": "external",
"summary": "SUSE Bug 1152990 for CVE-2019-16255",
"url": "https://bugzilla.suse.com/1152990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "important"
}
],
"title": "CVE-2019-16255"
},
{
"cve": "CVE-2020-8130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8130"
}
],
"notes": [
{
"category": "general",
"text": "There is an OS command injection vulnerability in Ruby Rake \u003c 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8130",
"url": "https://www.suse.com/security/cve/CVE-2020-8130"
},
{
"category": "external",
"summary": "SUSE Bug 1164804 for CVE-2020-8130",
"url": "https://bugzilla.suse.com/1164804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:ruby2.5-stdlib-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libruby2_5-2_5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-devel-extra-2.5.7-4.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:ruby2.5-stdlib-2.5.7-4.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-20T12:47:31Z",
"details": "moderate"
}
],
"title": "CVE-2020-8130"
}
]
}
ghsa-2pqj-h3vj-pqgw
Vulnerability from github
Published
2020-09-01 16:41
Modified
2023-06-26 17:03
Severity ?
VLAI Severity ?
Summary
Cross-Site Scripting in jquery
Details
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.
Proof of Concept
$("#log").html(
$("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html()
);
Recommendation
Update to version 1.9.0 or later.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-6708"
],
"database_specific": {
"cwe_ids": [
"CWE-64",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:19:31Z",
"nvd_published_at": "2018-01-18T23:29:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of `jquery` are vulnerable to cross-site scripting. This occurs because the main `jquery` function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that `jquery` may interpret HTML as selectors when given certain inputs, allowing for client side code execution.\n\n## Proof of Concept\n```\n$(\"#log\").html(\n $(\"element[attribute=\u0027\u003cimg src=\\\"x\\\" onerror=\\\"alert(1)\\\" /\u003e\u0027]\").html()\n);\n```\n\n\n\n\n## Recommendation\n\nUpdate to version 1.9.0 or later.",
"id": "GHSA-2pqj-h3vj-pqgw",
"modified": "2023-06-26T17:03:57Z",
"published": "2020-09-01T16:41:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16011"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227132049/http://www.securityfocus.com/bid/102792"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223"
},
{
"type": "WEB",
"url": "https://research.insecurelabs.org/jquery/test"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/9521"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/6429"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/12531"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-Site Scripting in jquery"
}
gsd-2012-6708
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-6708",
"description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"id": "GSD-2012-6708",
"references": [
"https://www.suse.com/security/cve/CVE-2012-6708.html",
"https://security.archlinux.org/CVE-2012-6708",
"https://alas.aws.amazon.com/cve/html/CVE-2012-6708.html",
"https://packetstormsecurity.com/files/cve/CVE-2012-6708"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-6708"
],
"details": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"id": "GSD-2012-6708",
"modified": "2023-12-13T01:20:17.428237Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/npm:jquery:20120206",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"name": "https://bugs.jquery.com/ticket/11290",
"refsource": "MISC",
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "102792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102792"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.2.0",
"affected_versions": "All versions before 2.2.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-79",
"CWE-937"
],
"date": "2023-07-10",
"description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"fixed_versions": [
"2.2.0"
],
"identifier": "CVE-2012-6708",
"identifiers": [
"GHSA-2pqj-h3vj-pqgw",
"CVE-2012-6708"
],
"not_impacted": "All versions starting from 2.2.0",
"package_slug": "gem/jquery-rails",
"pubdate": "2020-09-01",
"solution": "Upgrade to version 2.2.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://bugs.jquery.com/ticket/11290",
"https://bugs.jquery.com/ticket/12531",
"https://bugs.jquery.com/ticket/6429",
"https://bugs.jquery.com/ticket/9521",
"https://nvd.nist.gov/vuln/detail/CVE-2017-16011",
"https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://snyk.io/vuln/npm:jquery:20120206",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223",
"https://research.insecurelabs.org/jquery/test/",
"https://web.archive.org/web/20200227132049/http://www.securityfocus.com/bid/102792",
"https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59",
"https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml",
"https://github.com/advisories/GHSA-2pqj-h3vj-pqgw"
],
"uuid": "0fd35dd2-c3bc-4df6-ba80-a24c1b23a07d"
},
{
"affected_range": "\u003c6.1.2",
"affected_versions": "All versions before 6.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2019-06-10",
"description": "The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. jQuery only deems the input to be HTML if it explicitly starts with the `\u003c` character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"fixed_versions": [
"6.1.2"
],
"identifier": "CVE-2012-6708",
"identifiers": [
"CVE-2012-6708"
],
"not_impacted": "All versions starting from 6.1.2",
"package_slug": "gem/rdoc",
"pubdate": "2018-01-18",
"solution": "Upgrade to version 6.1.2 or above",
"title": "Cross-site Scripting",
"urls": [
"https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/"
],
"uuid": "ceef6439-170f-4108-950e-1fafaa536e26"
},
{
"affected_range": "[1.7.1,1.8.3]",
"affected_versions": "All versions starting from 1.7.1 up to 1.8.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-79",
"CWE-937"
],
"date": "2021-09-15",
"description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"fixed_versions": [
"1.9.0"
],
"identifier": "CVE-2012-6708",
"identifiers": [
"GHSA-2pqj-h3vj-pqgw",
"CVE-2012-6708"
],
"not_impacted": "All versions before 1.7.1, all versions after 1.8.3",
"package_slug": "maven/org.webjars.npm/jquery",
"pubdate": "2020-09-01",
"solution": "Upgrade to version 1.9.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-16011",
"https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"https://github.com/advisories/GHSA-2pqj-h3vj-pqgw"
],
"uuid": "d561e833-42c6-4ddb-aa70-e8109bf79201"
},
{
"affected_range": "\u003e=1.7.1 \u003c=1.8.3",
"affected_versions": "All versions starting from 1.7.1 up to 1.8.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-79",
"CWE-937"
],
"date": "2021-09-15",
"description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"fixed_versions": [
"1.9.0"
],
"identifier": "CVE-2012-6708",
"identifiers": [
"GHSA-2pqj-h3vj-pqgw",
"CVE-2012-6708"
],
"not_impacted": "All versions before 1.7.1, all versions after 1.8.3",
"package_slug": "npm/jquery",
"pubdate": "2020-09-01",
"solution": "Upgrade to version 1.9.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://bugs.jquery.com/ticket/11290",
"https://bugs.jquery.com/ticket/12531",
"https://bugs.jquery.com/ticket/6429",
"https://bugs.jquery.com/ticket/9521",
"https://www.npmjs.com/advisories/329",
"https://nvd.nist.gov/vuln/detail/CVE-2017-16011",
"https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://snyk.io/vuln/npm:jquery:20120206",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"http://www.securityfocus.com/bid/102792",
"https://github.com/advisories/GHSA-2pqj-h3vj-pqgw"
],
"uuid": "cf6c009f-5d2b-4ffd-9d7f-120dccf2cabc"
},
{
"affected_range": "[1.7.1,1.8.3]",
"affected_versions": "All versions starting from 1.7.1 up to 1.8.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-79",
"CWE-937"
],
"date": "2023-05-31",
"description": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"fixed_versions": [
"1.9.0"
],
"identifier": "CVE-2012-6708",
"identifiers": [
"GHSA-2pqj-h3vj-pqgw",
"CVE-2012-6708"
],
"not_impacted": "All versions before 1.7.1, all versions after 1.8.3",
"package_slug": "nuget/jQuery",
"pubdate": "2020-09-01",
"solution": "Upgrade to version 1.9.0 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://bugs.jquery.com/ticket/11290",
"https://bugs.jquery.com/ticket/12531",
"https://bugs.jquery.com/ticket/6429",
"https://bugs.jquery.com/ticket/9521",
"https://www.npmjs.com/advisories/329",
"https://nvd.nist.gov/vuln/detail/CVE-2017-16011",
"https://nvd.nist.gov/vuln/detail/CVE-2012-6708",
"https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
"https://snyk.io/vuln/npm:jquery:20120206",
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html",
"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"http://www.securityfocus.com/bid/102792",
"https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223",
"https://github.com/advisories/GHSA-2pqj-h3vj-pqgw"
],
"uuid": "3f535bf3-0968-423b-a174-74f4e7fb70e7"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6708"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/npm:jquery:20120206",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"name": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"name": "https://bugs.jquery.com/ticket/11290",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"name": "102792",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102792"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0395",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-03-25T16:15Z",
"publishedDate": "2018-01-18T23:29Z"
}
}
}
opensuse-su-2020:0395-1
Vulnerability from csaf_opensuse
Published
2020-03-28 17:16
Modified
2020-03-28 17:16
Summary
Recommended update for ruby2.5
Notes
Title of the patch
Recommended update for ruby2.5
Description of the patch
This update for ruby2.5 toversion 2.5.7 fixes the following issues:
ruby 2.5 was updated to version 2.5.7
- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and
Shell#test (bsc#1152990).
- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and
File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick
Digest access authentication (bsc#1152995).
- CVE-2012-6708: Fixed an XSS in JQuery
- CVE-2015-9251: Fixed an XSS in JQuery
- Fixed unit tests (bsc#1140844)
- Removed some unneeded test files (bsc#1162396).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-395
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for ruby2.5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ruby2.5 toversion 2.5.7 fixes the following issues:\n\t \nruby 2.5 was updated to version 2.5.7 \n\n- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).\n- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and \n Shell#test (bsc#1152990).\n- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).\n- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and \n File.fnmatch? (bsc#1152994).\n- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick \n Digest access authentication (bsc#1152995).\n- CVE-2012-6708: Fixed an XSS in JQuery\n- CVE-2015-9251: Fixed an XSS in JQuery\n- Fixed unit tests (bsc#1140844)\n- Removed some unneeded test files (bsc#1162396).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-395",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0395-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0395-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJAMCVFC2KL342QI4W5HGYIZXTNBURQT/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0395-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZJAMCVFC2KL342QI4W5HGYIZXTNBURQT/"
},
{
"category": "self",
"summary": "SUSE Bug 1140844",
"url": "https://bugzilla.suse.com/1140844"
},
{
"category": "self",
"summary": "SUSE Bug 1152990",
"url": "https://bugzilla.suse.com/1152990"
},
{
"category": "self",
"summary": "SUSE Bug 1152992",
"url": "https://bugzilla.suse.com/1152992"
},
{
"category": "self",
"summary": "SUSE Bug 1152994",
"url": "https://bugzilla.suse.com/1152994"
},
{
"category": "self",
"summary": "SUSE Bug 1152995",
"url": "https://bugzilla.suse.com/1152995"
},
{
"category": "self",
"summary": "SUSE Bug 1162396",
"url": "https://bugzilla.suse.com/1162396"
},
{
"category": "self",
"summary": "SUSE Bug 1164804",
"url": "https://bugzilla.suse.com/1164804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6708 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-9251 page",
"url": "https://www.suse.com/security/cve/CVE-2015-9251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15845 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16254 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16255 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8130 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8130/"
}
],
"title": "Recommended update for ruby2.5",
"tracking": {
"current_release_date": "2020-03-28T17:16:57Z",
"generator": {
"date": "2020-03-28T17:16:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0395-1",
"initial_release_date": "2020-03-28T17:16:57Z",
"revision_history": [
{
"date": "2020-03-28T17:16:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"product": {
"name": "ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"product_id": "ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"product_id": "libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"product_id": "ruby2.5-2.5.7-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"product_id": "ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"product_id": "ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"product_id": "ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64",
"product": {
"name": "ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64",
"product_id": "ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch"
},
"product_reference": "ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
},
"product_reference": "ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-6708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6708"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6708",
"url": "https://www.suse.com/security/cve/CVE-2012-6708"
},
{
"category": "external",
"summary": "SUSE Bug 1111661 for CVE-2012-6708",
"url": "https://bugzilla.suse.com/1111661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2012-6708"
},
{
"cve": "CVE-2015-9251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-9251"
}
],
"notes": [
{
"category": "general",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-9251",
"url": "https://www.suse.com/security/cve/CVE-2015-9251"
},
{
"category": "external",
"summary": "SUSE Bug 1099458 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1099458"
},
{
"category": "external",
"summary": "SUSE Bug 1100133 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1100133"
},
{
"category": "external",
"summary": "SUSE Bug 1111660 for CVE-2015-9251",
"url": "https://bugzilla.suse.com/1111660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2019-15845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15845"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15845",
"url": "https://www.suse.com/security/cve/CVE-2019-15845"
},
{
"category": "external",
"summary": "SUSE Bug 1152994 for CVE-2019-15845",
"url": "https://bugzilla.suse.com/1152994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-15845"
},
{
"cve": "CVE-2019-16201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16201"
}
],
"notes": [
{
"category": "general",
"text": "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16201",
"url": "https://www.suse.com/security/cve/CVE-2019-16201"
},
{
"category": "external",
"summary": "SUSE Bug 1152995 for CVE-2019-16201",
"url": "https://bugzilla.suse.com/1152995"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-16201"
},
{
"cve": "CVE-2019-16254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16254"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16254",
"url": "https://www.suse.com/security/cve/CVE-2019-16254"
},
{
"category": "external",
"summary": "SUSE Bug 1152992 for CVE-2019-16254",
"url": "https://bugzilla.suse.com/1152992"
},
{
"category": "external",
"summary": "SUSE Bug 1165402 for CVE-2019-16254",
"url": "https://bugzilla.suse.com/1165402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-16254"
},
{
"cve": "CVE-2019-16255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16255"
}
],
"notes": [
{
"category": "general",
"text": "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16255",
"url": "https://www.suse.com/security/cve/CVE-2019-16255"
},
{
"category": "external",
"summary": "SUSE Bug 1152990 for CVE-2019-16255",
"url": "https://bugzilla.suse.com/1152990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-16255"
},
{
"cve": "CVE-2020-8130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8130"
}
],
"notes": [
{
"category": "general",
"text": "There is an OS command injection vulnerability in Ruby Rake \u003c 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8130",
"url": "https://www.suse.com/security/cve/CVE-2020-8130"
},
{
"category": "external",
"summary": "SUSE Bug 1164804 for CVE-2020-8130",
"url": "https://bugzilla.suse.com/1164804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libruby2_5-2_5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-devel-extra-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-2.5.7-lp151.4.6.1.x86_64",
"openSUSE Leap 15.1:ruby2.5-doc-ri-2.5.7-lp151.4.6.1.noarch",
"openSUSE Leap 15.1:ruby2.5-stdlib-2.5.7-lp151.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-03-28T17:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2020-8130"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…