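Vulnerabilities related to redhat - openshift
Note: in some records below (CVE-2012-2126, CVE-2021-39013, CVE-2023-40370) redhat openshift appears in the CPE configuration only as a platform with vulnerable: false, combined by an AND operator with the affected product; the affected software in those records is the set of entries marked vulnerable: true.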
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
openvswitch | openvswitch | 2.2.0 | |
openvswitch | openvswitch | 2.3.0 | |
openvswitch | openvswitch | 2.3.1 | |
openvswitch | openvswitch | 2.3.2 | |
openvswitch | openvswitch | 2.4.0 | |
redhat | openshift | 3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4A796838-9780-419B-9EAD-2360626C4695", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "B37942A8-CBC2-4750-9299-E39076F1D6F1", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "30BB36D5-5E72-40BC-8C38-1804F48E0D30", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8D03F8D4-40DA-4B83-8C5A-571DF817081D", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "166C64EF-1F33-4257-AA88-83B37C128B9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.", }, { lang: "es", value: "Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar código arbitrario a través de paquetes MPLS manipulados, según lo demostrado por una cadena larga en un comando ovs-appctl.", }, ], id: "CVE-2016-2074", lastModified: "2024-11-21T02:47:45.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", 
integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-03T21:59:10.837", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3533", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/85700", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:0615", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { source: "cve@mitre.org", url: "https://security-tracker.debian.org/tracker/CVE-2016-2074", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201701-07", }, { source: "cve@mitre.org", url: "https://support.citrix.com/article/CTX232655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], 
url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/85700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security-tracker.debian.org/tracker/CVE-2016-2074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201701-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.citrix.com/article/CTX232655", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
rubygems | rubygems | * | |
rubygems | rubygems | 1.8.0 | |
rubygems | rubygems | 1.8.1 | |
rubygems | rubygems | 1.8.2 | |
rubygems | rubygems | 1.8.3 | |
rubygems | rubygems | 1.8.4 | |
rubygems | rubygems | 1.8.5 | |
rubygems | rubygems | 1.8.6 | |
rubygems | rubygems | 1.8.7 | |
rubygems | rubygems | 1.8.8 | |
rubygems | rubygems | 1.8.9 | |
rubygems | rubygems | 1.8.10 | |
rubygems | rubygems | 1.8.11 | |
rubygems | rubygems | 1.8.12 | |
rubygems | rubygems | 1.8.13 | |
rubygems | rubygems | 1.8.14 | |
rubygems | rubygems | 1.8.15 | |
rubygems | rubygems | 1.8.16 | |
rubygems | rubygems | 1.8.17 | |
rubygems | rubygems | 1.8.18 | |
rubygems | rubygems | 1.8.19 | |
rubygems | rubygems | 1.8.20 | |
rubygems | rubygems | 1.8.21 | |
redhat | openshift | 1.2.2 | |
canonical | ubuntu_linux | 12.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", matchCriteriaId: "129BE399-B405-4DF1-987B-6DA24172FC19", versionEndIncluding: "1.8.22", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", matchCriteriaId: 
"CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.2.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "09EC6448-BC55-49B3-A224-B650764B3A1A", vulnerable: false, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.", }, { lang: "es", value: "RubyGems 
anteriores a 1.8.23 no verifican un certificado SSL, lo cual permite a atacantes remotos modificar una gema durante la instalación a través de un ataque man-in-the-middle.", }, ], id: "CVE-2012-2126", lastModified: "2024-11-21T01:38:33.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-01T17:55:03.367", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/55381", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://secunia.com/advisories/55381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
redhat | ceph_storage | 3.0 | |
redhat | enterprise_linux_fast_datapath | 7.0 | |
redhat | openshift | 3.0 | |
redhat | openstack | 8 | |
redhat | openstack | 9 | |
redhat | openstack | 10 | |
redhat | openstack | 11 | |
redhat | openstack | 12 | |
redhat | virtualization | 4.0 | |
redhat | virtualization | 4.1 | |
redhat | virtualization_manager | 4.1 | |
redhat | enterprise_linux | 7.0 | |
dpdk | data_plane_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", matchCriteriaId: "516F4E8E-ED2F-4282-9DAB-D8B378F61258", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*", matchCriteriaId: "559A4609-EC7E-40CD-9165-5DA68CBCEE9B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", matchCriteriaId: "E8B8C725-34CF-4340-BE7B-37E58CF706D6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", matchCriteriaId: "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", matchCriteriaId: "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", matchCriteriaId: "4E9AF77C-5D49-4842-9817-AD710A919073", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", matchCriteriaId: "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*", matchCriteriaId: "03EB0F63-DB24-4240-BC44-C92BAE7EAF42", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*", matchCriteriaId: "AF786B57-02C3-48B7-B902-318356B3A3B6", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "723DDE45-6CD8-4486-B742-FCFA0EA88873", versionEndExcluding: "18.02.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.", }, { lang: "es", value: "La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. 
Todas las versiones anteriores a la 18.02.1 son vulnerables.", }, ], id: "CVE-2018-1059", lastModified: "2024-11-21T03:59:05.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-24T18:29:00.233", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1267", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2038", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2102", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:2524", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2018-1059", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3642-1/", }, { source: 
"secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3642-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2102", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:2524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2018-1059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3642-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3642-2/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2103220 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2103220 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*", matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.", }, { lang: "es", value: "Openshift 4.9 no utiliza HTTP Strict Transport Security (HSTS), que puede permitir ataques de intermediario (MITM).", }, ], id: "CVE-2022-3259", lastModified: "2024-11-21T07:19:09.773", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-09T18:15:19.617", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-665", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/213651 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6529200 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/213651 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6529200 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_pak_for_security | 1.7.0.0 | |
ibm | cloud_pak_for_security | 1.7.1.0 | |
ibm | cloud_pak_for_security | 1.7.2.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.", }, { lang: "es", value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.2.0, 1.7.1.0 y 1.7.0.0, podría permitir que un usuario autenticado obtuviera información confidencial en las respuestas HTTP que podría ser usada en otros ataques contra el sistema. 
IBM X-Force ID: 213651", }, ], id: "CVE-2021-39013", lastModified: "2024-11-21T06:18:24.683", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-22T17:15:09.063", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6529200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/213651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6529200", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7028218 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7028218 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "EC8BCB15-DD67-4718-9F68-ED2FA305AFEF", versionEndIncluding: "21.0.7.1", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "70BC850D-2B60-48ED-9500-A445A18B905B", versionEndIncluding: "21.0.7.1", versionStartIncluding: "21.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. 
IBM X-Force ID: 263470.\n\n", }, ], id: "CVE-2023-40370", lastModified: "2024-11-21T08:19:18.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T22:15:08.700", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028218", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.", }, { lang: "es", value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo.", }, ], id: "CVE-2016-3724", lastModified: "2024-11-21T02:50:34.803", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:08.843", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6952435 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6952435 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | app_connect_enterprise | * | |
ibm | app_connect_enterprise | 12.0.4.0 | |
ibm | app_connect_enterprise | 12.0.5.0 | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
ibm | app_connect_enterprise_certified_container | 4.1 | |
ibm | app_connect_enterprise_certified_container | 4.2 | |
ibm | app_connect_enterprise_certified_container | 5.0 | |
ibm | app_connect_enterprise_certified_container | 5.1 | |
ibm | app_connect_enterprise_certified_container | 5.2 | |
ibm | app_connect_enterprise_certified_container | 6.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "88D39D31-4C45-4BEC-96AA-2A95B866C6C1", versionEndIncluding: "11.0.0.19", versionStartIncluding: "11.0.0.17", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3718A35D-12A7-4E89-8064-80E649966613", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise:12.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "BBA5E7D8-685A-4A33-A6B0-10EA8F8E0775", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*", matchCriteriaId: "C4BF8AF2-0047-4E43-AEDF-0D4D54446876", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*", matchCriteriaId: "37215CD7-7390-4BCD-AA3A-E1B233875147", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*", matchCriteriaId: "B9B1A13B-7F98-44A6-9933-A0052E93D7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*", matchCriteriaId: "9816F05C-8D57-48AD-9E64-907CDB24D612", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*", matchCriteriaId: "3C7B481C-86B1-44B0-AB68-48C1739B0DB0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*", matchCriteriaId: "ACA125F0-42C5-40E2-A63D-FDE0444A7D32", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n", }, ], id: "CVE-2022-42439", lastModified: "2024-11-21T07:24:58.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-06T21:15:09.200", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: 
"https://www.ibm.com/support/pages/node/6952435", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6952435", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.7 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/94110 | Third Party Advisory, VDB Entry, Vendor Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:2696 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94110 | Third Party Advisory, VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2696 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.", }, { lang: "es", value: "El router OpenShift Enterprise 3 no clasifica correctamente las rutas al procesar rutas añadidas recientemente. Un atacante con acceso para crear rutas puede sobrescribir las rutas existentes y redirigir el tráfico de red de otros usuarios a su propio sitio.", }, ], id: "CVE-2016-8631", lastModified: "2024-11-21T02:59:43.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "secalert@redhat.com", 
type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-31T20:29:00.370", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/94110", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2696", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/94110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", }, { lang: "es", value: "Los widgets de panel lateral en el comando CLI de la páginas de resumen y ayuda en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permiten a atacantes remotos obtener información sensible a través de una petición directa a las páginas.", }, ], id: "CVE-2015-5321", lastModified: "2024-11-21T02:32:47.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:12.447", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/239081 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6852663 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/239081 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6852663 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "F1749AC0-F96C-457C-9F0D-122C638EFE72", versionEndExcluding: "21.0.3.1", versionStartIncluding: "20.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.", }, { lang: "es", value: "IBM Robotic Process Automation para Cloud Pak 20.12 a 21.0.3 es vulnerable a un control de acceso roto. Un usuario no es redirigido correctamente a la pantalla de cierre de sesión de la plataforma cuando cierra sesión en IBM RPA para Cloud Pak. 
ID de IBM X-Force: 239081.", }, ], id: "CVE-2022-43844", lastModified: "2024-11-21T07:27:16.227", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-05T18:15:08.880", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852663", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-613", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6855835 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6855835 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_as_a_service | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
microsoft | windows | - | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15415B7F-CCF3-4587-906E-F8C4DA4EC873", versionEndExcluding: "21.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "FD7C2384-44EA-43D6-858A-63B83F9C502B", versionEndExcluding: "21.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "3B2CED36-4A9B-4B88-A31F-AF19C6E269F2", versionEndExcluding: "21.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.", }, { lang: "es", value: "IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. 
ID de IBM X-Force: 244075.", }, ], id: "CVE-2023-22594", lastModified: "2024-11-21T07:45:01.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-18T19:15:12.647", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855835", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permiten a atacantes remotos obtener información sensible a través de petición directa a queue/api.", }, ], id: "CVE-2015-5324", lastModified: "2024-11-21T02:32:47.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:15.950", references: [ { source: 
"secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | ansible_engine | 2.0 | |
redhat | ansible_engine | 2.4 | |
redhat | ansible_engine | 2.5 | |
redhat | ansible_engine | 2.6 | |
redhat | ceph_storage | 2.0 | |
redhat | ceph_storage | 3.0 | |
redhat | gluster_storage | 3.0.0 | |
redhat | openshift | 3.0 | |
redhat | openstack | 10 | |
redhat | openstack | 12 | |
redhat | openstack | 13 | |
redhat | virtualization | 4.0 | |
redhat | virtualization_host | 4.0 | |
debian | debian_linux | 9.0 | |
suse | package_hub | - | |
suse | suse_linux_enterprise_server | 12 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ansible_engine:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8989CD03-49A1-4831-BF98-9F21592788BE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_engine:2.4:*:*:*:*:*:*:*", matchCriteriaId: "5864D753-2A37-4800-A73E-6ACA0662B605", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_engine:2.5:*:*:*:*:*:*:*", matchCriteriaId: "4C5A40D5-4DF7-43D9-962E-1529D2DF198D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_engine:2.6:*:*:*:*:*:*:*", matchCriteriaId: "13BACD7C-AC7E-4D86-8D9B-ABB614005D0C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D07DF15E-FE6B-4DAF-99BB-2147CF7D7EEA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*", matchCriteriaId: "516F4E8E-ED2F-4282-9DAB-D8B378F61258", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E58427C-8EBB-4E51-B268-EC1AB34E81A7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", matchCriteriaId: "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*", matchCriteriaId: "4D4AC996-B340-4A14-86F7-FF83B4D5EC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", matchCriteriaId: "704CFA1A-953E-4105-BFBE-406034B83DED", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", matchCriteriaId: "284A8DA0-317B-4BBE-AECB-7E91BBF0DD3B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", matchCriteriaId: "9C649194-B8C2-49F7-A819-C635EE584ABF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", }, { lang: "es", value: "Se ha encontrado un error en ansible. 
ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario.", }, ], id: "CVE-2018-10875", lastModified: "2024-11-21T03:42:11.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-13T22:29:00.220", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", 
"VDB Entry", ], url: "http://www.securitytracker.com/id/1041396", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:3788", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2150", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2151", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2152", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2166", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2321", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2585", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0054", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4072-1/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:3788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4072-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4396", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | jboss_enterprise_brms_platform | 5.3.1 | |
redhat | jboss_enterprise_portal_platform | 4.3.0 | |
redhat | jboss_enterprise_portal_platform | 5.2.2 | |
redhat | jboss_enterprise_portal_platform | 6.0.0 | |
redhat | jboss_enterprise_web_server | 1.0.2 | |
redhat | openshift | * | |
ubuntu | ubuntu | 10.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A6B1CE36-5131-425D-90BD-FC597F27B3E4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*", matchCriteriaId: "C9C9C8B4-693E-4777-BC31-5933147DFC54", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AC0F117C-E25C-4B0C-9459-4BB4413440CB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "36684290-780F-444A-8534-907C52796F6A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ubuntu:ubuntu:10.04:*:lts:*:*:*:*:*", matchCriteriaId: "C0939929-26C2-4BD4-A57A-38CCE953D47B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.", }, { lang: "es", value: "La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada.", }, ], id: "CVE-2013-2186", lastModified: 
"2024-11-21T01:51:12.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-28T21:55:05.157", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/55716", }, { source: "secalert@redhat.com", url: "http://ubuntu.com/usn/usn-2029-1", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2827", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { source: "secalert@redhat.com", url: 
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/63174", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133", }, { source: "secalert@redhat.com", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "secalert@redhat.com", url: "https://www.tenable.com/security/research/tra-2016-23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/55716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ubuntu.com/usn/usn-2029-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "http://www.debian.org/security/2013/dsa-2827", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/63174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/research/tra-2016-23", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1064 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1064 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.2 permite a usuarios remotos autenticados leer archivos de registro de otro espacio de nombre utilizando el mismo nombre que un espacio de nombre que haya sido eliminado cuando se crea un nuevo espacio de nombre.", }, ], id: "CVE-2016-2149", lastModified: "2024-11-21T02:47:54.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:01.767", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2106780 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2106780 | Exploit, Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*", matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.", }, { lang: "es", value: "El encabezado de respuesta no ha habilitado X-FRAME-OPTIONS, lo que ayuda a prevenir ataques de Clickjacking. Algunos navegadores interpretarían estos resultados incorrectamente, permitiendo ataques de clickjacking.", }, ], id: "CVE-2022-3260", lastModified: "2024-11-21T07:19:09.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-08T16:15:13.237", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1021", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1021", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/103754 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1443003 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103754 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1443003 | Issue Tracking |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B196A82-385B-492A-8927-723CB8690CCC", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*", matchCriteriaId: "A8F8362B-DA49-439F-ADA1-B5BA443F91F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.", }, { lang: "es", value: "Las versiones 3.x de OpenShift Enterprise son vulnerables a Cross-Site Scripting (XSS) persistente mediante el visor de logs para pods. 
El error se debe a la falta de saneamiento de entradas de usuario, específicamente los caracteres de escape de terminal, y la creación de enlaces sobre los que se puede hacer clic automáticamente al ver los archivos log para un pod.", }, ], id: "CVE-2017-7534", lastModified: "2024-11-21T03:32:06.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-11T19:29:00.213", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103754", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: 
"en", value: "CWE-79", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 1.0 | |
redhat | openshift_origin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*", matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*", matchCriteriaId: "3F4086F4-8220-4036-B579-047F501BD5FD", versionEndIncluding: "1.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.", }, { lang: "es", value: "Vulnerabilidad de redirección en node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos redirigir usuarios a sitios Web Arbitrarios y llevar a cabo ataques de phishing mediante una URL en el PATH_INFO.", }, ], id: "CVE-2012-5647", lastModified: "2024-11-21T01:45:02.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-02-24T21:55:01.003", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/89430", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/57189", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523", }, { source: 
"secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { source: "secalert@redhat.com", url: "https://github.com/openshift/origin-server/pull/1017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/89430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/57189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/pull/1017", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.", }, { lang: "es", value: "El archivo cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh en OpenShift, no crea apropiadamente los archivos en /tmp.", }, ], id: "CVE-2013-0165", lastModified: "2024-11-21T01:46:58.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-01T19:15:10.713", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165", }, ], 
sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "F691DFE3-627D-42E2-998F-6C613070F02A", versionEndExcluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.", }, { lang: "es", value: "La configuración predeterminada de broker.conf en Red Hat OpenShift Enterprise versiones 2.x anteriores a 2.1, presenta una contraseña de \"mooo\" para una cuenta Mongo, lo que permite a atacantes remotos secuestrar el broker al proporcionar esta contraseña, relacionada con el script openshift.sh en Openshift Extras versiones anteriores a 20130920. 
NOTA: esto puede solaparse a CVE-2013-4253 y CVE-2013-4281.", }, ], id: "CVE-2014-0234", lastModified: "2024-11-21T02:01:43.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-12T01:15:10.453", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2014/06/05/19", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/67657", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/master/README.md", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party 
Advisory", ], url: "http://openwall.com/lists/oss-security/2014/06/05/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/67657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/master/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1188", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/104688 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104688 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 | Issue Tracking, Mitigation, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "2468A2E6-AAB4-4C14-BC48-BCAAB0797639", versionEndExcluding: "3.10.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.", }, { lang: "es", value: "En atomic-openshift en versiones anteriores a la 3.10.9 una configuración network-policy maliciosa puede provocar que Openshift Routing se cierre inesperadamente al emplear el plugin ovs-networkpolicy. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en un cluster de Openshift 3.9 o 3.7.", }, ], id: "CVE-2018-10885", lastModified: "2024-11-21T03:42:13.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { 
cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-05T13:29:00.507", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104688", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.", }, { lang: "es", value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificados.", }, ], id: "CVE-2016-3723", lastModified: "2024-11-21T02:50:34.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: 
"Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:07.983", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7012317 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7012317 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "C57E2C04-308A-42DE-B945-9CAD07C04128", versionEndIncluding: "21.0.7.6", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "BF74B5C0-FD77-43F9-8476-ABC00BEB21D0", versionEndIncluding: "23.0.6", versionStartIncluding: "23.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "6288FF16-4A1E-4CB5-9774-43B11A9B4628", versionEndIncluding: "21.0.7.6", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "477F2A15-C146-464B-8E41-B7BAEEE54604", versionEndIncluding: "21.0.7.6", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "8F1B94FF-5A9A-46A0-B504-B22ABA675D22", versionEndIncluding: "23.0.6", versionStartIncluding: "23.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. 
IBM X-Force ID: 259380.", }, ], id: "CVE-2023-35901", lastModified: "2024-11-21T08:08:57.287", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-17T00:15:09.547", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7012317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7012317", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "0FB4CEB9-3106-41D7-BBAA-FA92D2698FA4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "4B196A82-385B-492A-8927-723CB8690CCC", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "2C73555F-B229-4946-B27B-E0FADA31625F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:enterprise:*:*:*", matchCriteriaId: "A8F8362B-DA49-439F-ADA1-B5BA443F91F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.", }, { lang: "es", value: "Se ha encontrado un error en la función source-to-image tal y como se distribuye con Openshift Enterprise 3.x. 
Una validación incorrecta de archivos tar en ExtractTarStreamFromTarReader en tar/tar.go conduce a un escalado de privilegios.", }, ], id: "CVE-2018-1102", lastModified: "2024-11-21T03:59:11.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-30T19:29:00.217", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1227", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1229", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1231", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1233", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1235", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1237", }, { source: 
"secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1239", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1241", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1243", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0036", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1233", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1235", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1243", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2019:0036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "99D411C8-56FB-4F1A-9822-C9D3153B365A", versionEndIncluding: "1.596.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D", versionEndIncluding: "1.605", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.", }, { lang: "es", value: "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1813.", }, ], id: "CVE-2015-1812", lastModified: "2024-11-21T02:26:11.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-10-16T20:59:09.777", references: [ { source: "secalert@redhat.com", 
url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 no restringe adecuadamente el acceso a tokens de la API lo que podría permitir a administradores remotos obtener privilegios y ejecutar secuencias de comandos mediante el uso de un token de API de otro usuario.", }, ], id: "CVE-2015-5323", lastModified: "2024-11-21T02:32:47.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:14.730", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "109EBD2A-8A2B-4E06-8103-06A029FEEE15", versionEndIncluding: "4.3", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.", }, { lang: "es", value: "Se encontró una vulnerabilidad en las compilaciones de OpenShift, versiones 4.1 hasta 4.3. Las compilaciones que extraen el origen de una imagen de contenedor, omiten la comprobación del nombre del host TLS. Un atacante puede tomar ventaja de este fallo iniciando un ataque de tipo man-in-the-middle e inyectando contenido malicioso.", }, ], id: "CVE-2019-14845", lastModified: "2024-11-21T04:27:29.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 
3.6, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-08T19:15:10.340", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2019:4101", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2019:4237", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:4101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:4237", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7047017 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7047017 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | 23.0.9 | |
ibm | robotic_process_automation_for_cloud_pak | 23.0.9 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.9:*:*:*:*:*:*:*", matchCriteriaId: "AC075F8A-E9D9-4D69-B478-6AB8D2D3C790", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:23.0.9:*:*:*:*:*:*:*", matchCriteriaId: "9AACEC45-6187-40E2-8F0C-CFB019253E74", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.", }, { lang: "es", value: "IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527.", }, ], id: "CVE-2023-43058", lastModified: "2024-11-21T08:23:39.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-06T14:15:12.197", 
references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7047017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7047017", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.", }, { lang: "es", value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno.", }, ], id: "CVE-2016-3721", lastModified: "2024-11-21T02:50:34.390", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2016-05-17T14:08:05.593", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-17", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes eludir las restricciones slave-to-master destinadas al acceso aprovechando un esclavo JNLP. 
NOTA: esta vulnerabilidad existe a causa de una solución incompleta para CVE-2014-3665.", }, ], id: "CVE-2015-5325", lastModified: "2024-11-21T02:32:47.910", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:17.107", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/94935 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:2915 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94935 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2915 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 | Issue Tracking, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 3.0 | |
redhat | openshift_container_platform | 3.1 | |
redhat | openshift_container_platform | 3.2 | |
redhat | openshift_container_platform | 3.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*", matchCriteriaId: "93E3194E-7082-4E21-867B-FB4ECF482A07", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*", matchCriteriaId: "C10044B3-FBB1-4031-9060-D3A2915B164C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*", matchCriteriaId: "EA3ADA26-2B9E-4ABA-A224-910BD75CCE00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.", }, { lang: "es", value: "Se ha encontrado un error de validación de entradas en la forma en la que OpenShift 3 gestiona peticiones para imágenes. Un usuario, con una copia del manifiesto asociado con una imagen, puede extraer una imagen incluso aunque normalmente no cuente con acceso a la misma. 
Esto resulta en la divulgación de información contenida en la imagen.", }, ], id: "CVE-2016-8651", lastModified: "2024-11-21T02:59:46.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.7, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-01T16:29:00.273", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94935", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2915", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2160349 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2160349 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*", matchCriteriaId: "275413B5-6C5D-4125-9396-0DAE614887E8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.12:*:*:*:*:*:*:*", matchCriteriaId: "D6EE29F1-AE5C-4B2D-9C28-68D10F2DFCB1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.", }, { lang: "es", value: "Se encontró un fallo en github.com/openshift/apiserver-library-go, utilizado en OpenShift 4.12 y 4.11. Dicho fallo puede permitir a los usuarios con pocos privilegios configurar el perfil seccomp para los pods que controlan en \"unconfined\". 
De forma predeterminada, el perfil seccomp utilizado en la restricción de contexto (restricted-v2 Security Context Constraint, SCC) es \"runtime/default\", lo que permite a los usuarios deshabilitar seccomp para los pods que pueden crear y modificar.", }, ], id: "CVE-2023-0229", lastModified: "2024-11-21T07:36:47.110", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-26T21:18:06.900", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7", versionEndIncluding: "1.580.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9", versionEndIncluding: "1.599", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.", }, { lang: "es", value: "La clase HudsonPrivateSecurityRealm en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 no restringe el acceso a nombres reservados cuando usan la configuración \"base de datos de usuario propia Jenkins\", lo que permite a atacantes remotos obtener privilegios creando un nombre reservado.", }, ], id: "CVE-2015-1810", lastModified: "2024-11-21T02:26:11.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, 
}, ], }, published: "2015-10-16T20:59:08.717", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7", versionEndIncluding: "1.580.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9", versionEndIncluding: "1.599", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados con ciertos permisos leer archivos arbitrarios a través de un enlace simbólico, relacionado con los objetos de construcción.", }, ], id: "CVE-2015-1807", lastModified: "2024-11-21T02:26:11.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-16T20:59:06.433", references: [ { source: 
"secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2013-0163 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2013-0163 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS", }, { lang: "es", value: "Un cartucho haproxy de OpenShift: un /tmp predecible en el enlace de conexión set-proxy que podría facilitar una DoS.", }, ], id: "CVE-2013-0163", lastModified: "2024-11-21T01:46:58.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-05T15:15:11.000", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-0163", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], 
url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-0163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "6EAA87A1-BA40-4A91-B042-3EFD799C3FA2", versionEndExcluding: "4.3.17", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "48D8AB57-AD2F-406F-9FBA-CF74BFAF90EF", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", matchCriteriaId: "F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", matchCriteriaId: "18260EE8-9BC0-4BA1-9642-90FE052E8B18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", matchCriteriaId: "B0BB81C3-29FD-4AE0-8D46-456FAF135F6C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "00280604-1DC1-4974-BF73-216C5D76FFA3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", matchCriteriaId: "EC361999-AAD8-4CB3-B00E-E3990C3529B4", versionEndExcluding: "7.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8", versionEndExcluding: "8.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", matchCriteriaId: "468931C8-C76A-4E47-BF00-185D85F719C5", versionEndExcluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", matchCriteriaId: "97C1FA4C-5163-420C-A01A-EA36F1039BBB", versionEndExcluding: "6.1.0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", matchCriteriaId: "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8B65CD29-C729-42AC-925E-014BA19581E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7E856B4A-6AE7-4317-921A-35B4D2048652", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", matchCriteriaId: "51C25F23-6800-48A2-881C-C2A2C3FA045C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "ADEA6A93-BD78-47DC-B3C3-6D27239C6647", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E5104F0A-CD23-4A6E-AD59-B6F5A949B006", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "350DFE94-C24A-40FE-98F8-246D5B7F9D83", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "499A382A-8183-4080-8D48-0E00D5E44EE6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "81C24CC1-850E-4BB2-9B50-ABE61984451E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1C4A89F2-713D-4A36-9D28-22748D30E0FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CDFABB2C-2FA2-4F83-985B-7FCEAF274418", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "6A609003-8687-40B4-8AC3-06A1534ADE30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", matchCriteriaId: "9027528A-4FE7-4E3C-B2DF-CCCED22128F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", matchCriteriaId: "2A699D02-296B-411E-9658-5893240605D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7036576C-2B1F-413D-B154-2DBF9BFDE7E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", matchCriteriaId: "641D134E-6C51-4DB8-8554-F6B5222EF479", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C79B50C2-27C2-4A9C-ACEE-B70015283F58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", matchCriteriaId: "DB6321F8-7A0A-4DB8-9889-3527023C652A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", matchCriteriaId: "25F8E604-8180-4728-AD2D-7FF034E3E65A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", matchCriteriaId: "02867DC7-E669-43C0-ACC4-E1CAA8B9994C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", matchCriteriaId: 
"FBAFA631-C92B-4FF7-8E65-07C67789EBCD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", matchCriteriaId: "9652104A-119D-4327-A937-8BED23C23861", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", matchCriteriaId: "6CBFA960-D242-43ED-8D4C-A60F01B70740", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", matchCriteriaId: "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "07630491-0624-4C5C-A858-C5D3CDCD1B68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EC9CA11F-F718-43E5-ADB9-6C348C75E37A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", matchCriteriaId: "EAA4DF85-9225-4422-BF10-D7DAE7DCE007", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", matchCriteriaId: "77C2A2A4-285B-40A1-B9AD-42219D742DD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: 
"38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", matchCriteriaId: "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", matchCriteriaId: "6FFEA075-11EB-4E99-92A1-8B2883C64CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", matchCriteriaId: "21973CDD-D16E-4321-9F8E-67F4264D7C21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "909A7F73-0164-471B-8EBD-1F70072E9809", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2CE08DC9-5153-48D6-B23C-68A632FF8FF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", matchCriteriaId: "70D4467D-6968-4557-AF61-AFD42B2B48D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EE188B12-D28E-490C-9948-F5305A7D55BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 
4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.", }, { lang: "es", value: "Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOMP dentro de la memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegación de servicio (DoS) de expresión regular.", }, ], id: "CVE-2018-1257", lastModified: "2024-11-21T03:59:28.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-11T20:29:00.213", references: [ { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104260", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1809", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2018-1257", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2018:1809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2018-1257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).", }, { lang: "es", value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados desencadenar actualizaciones de metadatos provenientes de portales de actualización aprovechando la falta de comprobación de permisos. 
NOTA: este problema puede darse en combinación con el envenenamiento de la caché DNS para provocar una denegación de servicio (interrupción de servicio).", }, ], id: "CVE-2016-3725", lastModified: "2024-11-21T02:50:34.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:09.780", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phusion:passenger:4.0.0:beta1:*:*:*:ruby:*:*", matchCriteriaId: "B8D22A17-F554-44FE-82EF-408BC8940C18", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.0:beta2:*:*:*:ruby:*:*", matchCriteriaId: "0F2D0D37-F5E6-43A9-8D8C-2A8B8224C9C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.", }, { lang: "es", value: "RubyGems passenger versión 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio.", }, ], id: "CVE-2012-6135", lastModified: "2024-11-21T01:45:53.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2019-11-19T17:15:11.237", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/03/02/1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-6135", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.securityfocus.com/bid/58259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/03/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-6135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.securityfocus.com/bid/58259", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1978621 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1978621 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "204FB913-E9B7-448F-8557-4100BF2ADDA9", versionEndExcluding: "4.8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.", }, { lang: "es", value: "Se encontró en OpenShift, anterior a versión 4.8, que el certificado generado para la CA de servicio en el clúster incluía incorrectamente certificados adicionales. La CA de servicio se monta automáticamente en todos los pods, permitiéndoles conectarse de forma segura a los servicios confiables del clúster que presentan certificados firmados por la CA de servicio confiable. 
Una inclusión incorrecta de CAs adicionales en este certificado podría permitir a un atacante que comprometiera cualquiera de las CAs adicionales hacerse pasar por un servicio confiable dentro del clúster", }, ], id: "CVE-2021-3636", lastModified: "2024-11-21T06:22:02.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-30T20:15:07.687", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/159465 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10886591 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/159465 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10886591 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_private | * | |
ibm | cloud_private | * | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*", matchCriteriaId: "9394AFCC-A7FA-414D-B6AD-B62ECD9863B3", versionEndIncluding: "3.0.1", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_private:*:*:*:*:*:*:*:*", matchCriteriaId: "DCDA100F-86AF-4BBF-B7CA-5C68170BD58E", versionEndIncluding: "2.3.1", versionStartIncluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 159465.", }, { lang: "es", value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private versión 1.0.0 hasta 3.0.1) almacena las credenciales de usuario en texto plano y sin cifrar, que pueden ser leídas por un usuario local. 
ID de IBM X-Force: 159465.", }, ], id: "CVE-2019-4239", lastModified: "2024-11-21T04:43:21.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-14T15:29:00.277", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/159465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191", versionEndIncluding: "1.642.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.", }, { lang: "es", value: "Múltiples terminales API no especificadas en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permiten a usuarios remotos autenticados ejecutar código arbitrario a través de datos serializados en un archivo XML, relacionado con XStream y groovy.util.Expando.", }, ], id: "CVE-2016-0792", lastModified: "2024-11-21T02:42:23.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:03.957", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/42394/", }, { source: "secalert@redhat.com", url: "https://www.exploit-db.com/exploits/43375/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/42394/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/43375/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Kubernetes, tal como se utiliza en Red Hat OpenShift Enterprise 3.0, permite a atacantes escribir a archivos arbitrarios a través de un nombre de tipo objeto manipulado, que no es manejado correctamente antes de pasarlo a etcd.", }, ], id: "CVE-2015-5305", lastModified: "2024-11-21T02:32:45.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-06T18:59:00.110", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2015:1945", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2015:1945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", 
}, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "F788739F-0B28-4751-9A4E-E0C5B7F79613", versionEndExcluding: "4.6.52", versionStartIncluding: "4.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "4C2659CC-7CA5-49B2-901D-DE3E1693C3E3", versionEndExcluding: "4.7.40", versionStartIncluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "BE4321F9-4224-47EF-9853-9C891EFB86DD", versionEndExcluding: "4.8.24", versionStartIncluding: "4.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.", }, { lang: "es", value: "Se ha detectado que la corrección original para log4j CVE-2021-44228 y CVE-2021-45046 en los contenedores hive de medición de OpenShift estaba incompleta, ya que no fueron eliminados todos los archivos JndiLookup.class. 
Esta CVE sólo es aplicada a imágenes de contenedores hive de OpenShift Metering, enviadas en OpenShift versiones 4.8, 4.7 y 4.6.", }, ], id: "CVE-2021-4125", lastModified: "2024-11-21T06:36:57.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-24T16:15:09.483", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-4125", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-44228", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-45046", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/71", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/72", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/73", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-4125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-44228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-45046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/71", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/72", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kube-reporting/hive/pull/73", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift_origin | - | |
redhat | openshift | 3.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*", matchCriteriaId: "01B75475-8415-46F8-A5B8-323527336611", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti.", }, ], id: "CVE-2016-2160", lastModified: "2024-11-21T02:47:55.857", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:03.250", 
references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openshift/origin/pull/7864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openshift/origin/pull/7864", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "E99FF97F-2A6C-4589-996B-FACCAFAE56E3", versionEndExcluding: "3.11.188-4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "9F64F6AE-D8DF-490B-991F-F90D705945F5", versionEndExcluding: "4.1.37", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A6C41B-575B-486E-AC21-429F507E1447", versionEndExcluding: "4.2.21", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "15747A3D-8D4B-42B6-A210-C9E533067A7B", versionEndExcluding: "4.3.5", versionStartIncluding: "4.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. 
Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios.", }, ], id: "CVE-2019-19346", lastModified: "2024-11-21T04:34:37.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-02T20:15:15.317", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", }, ], 
sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice | Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2014/06/05/19 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2014/06/05/19 | Mailing List, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:-:*:*:*", matchCriteriaId: "8AFA9951-AB69-4B63-9459-957A683484FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.", }, { lang: "es", value: "El script de despliegue en el conjunto de scripts complementarios \"OpenShift Extras\" no soportados, en Red Hat Openshift versión 1, instala una clave pública por defecto en el archivo authorized_keys del usuario root", }, ], id: "CVE-2013-4253", lastModified: "2024-11-21T01:55:13.233", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-19T18:15:11.150", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, ], 
sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-377", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
f5 | container_ingress_service | 1.9.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "B7C34CCD-152B-4D8B-A89C-A6607A61A7CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.", }, { lang: "es", value: "En la versión 1.9.0, si el registro DEBUG está habilitado, F5 Container Ingress Service (CIS) para archivos de registro de Kubernetes y Red Hat OpenShift (k8s-bigip-ctlr) pueden contener secretos de BIG-IP, tales como Claves Privadas de SSL y Frases de Contraseña de la Clave Privada proporcionadas como entradas para una Declaración AS3.", }, ], id: "CVE-2019-6648", lastModified: "2024-11-21T04:46:52.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", 
userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-04T16:15:11.060", references: [ { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K74327432", }, { source: "f5sirt@f5.com", url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K74327432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medium=RSS", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 no verifica adecuadamente el secreto compartido utilizado en conexiones esclavo JNLP, lo que permite a atacantes remotos conectar como esclavos y obtener información sensible o posiblemente obtener acceso administrativo aprovechando el conocimiento del nombre de un esclavo.", }, ], id: "CVE-2015-5320", lastModified: "2024-11-21T02:32:47.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", 
vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:11.447", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/97580 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:0868 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97580 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:0868 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
smartbear | swagger-ui | - | |
redhat | jboss_fuse | 6.3 | |
redhat | openshift | 2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:smartbear:swagger-ui:-:*:*:*:*:*:*:*", matchCriteriaId: "B8195A94-B057-43E4-9AD4-59B7CA47B97D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*", matchCriteriaId: "D071664D-9B31-45EB-A5DD-237EB3F36E63", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "swagger-ui has XSS in key names", }, { lang: "es", value: "swagger-ui presenta una vulnerabilidad de tipo XSS en nombres claves.", }, ], id: "CVE-2016-1000229", lastModified: "2024-11-21T02:43:01.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-20T14:15:11.633", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97580", 
}, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6852657 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6852657 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "FB4AA531-9AC9-417B-B732-6FEBFEB0F363", versionEndExcluding: "21.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "E3912ED0-7480-4FCC-A645-700F2E0C3394", versionEndExcluding: "21.0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.\n\n", }, { lang: "es", value: "IBM Robotic Process Automation 20.12 a 21.0.6 podría permitir que un atacante con acceso físico al sistema obtenga información altamente confidencial de la memoria del sistema. 
ID de IBM X-Force: 238053.", }, ], id: "CVE-2022-41740", lastModified: "2024-11-21T07:23:46.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-05T18:15:08.717", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852657", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.2.7:*:enterprise:*:*:*:*:*", matchCriteriaId: "2FB9CBA2-3134-420A-8C6E-D899FBE58F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*", matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.", }, { lang: "es", value: "openshift-origin-broker-util, utilizado en Red Hat OpenShift Enterprise 1.2.7 y 2.0.5, utiliza permisos de lectura universal para el archivo de configuración de mcollective client.cfg, lo que permite a usuarios locales obtener credenciales y otra información sensible mediante la lectura del archivo.", }, ], id: "CVE-2014-0164", lastModified: "2024-11-21T02:01:31.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-05-05T17:06:05.607", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191", versionEndIncluding: "1.642.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens API, lo que hace más fácil para atacantes remotos determinar tokens API a través de una aproximación por fuerza bruta.", }, ], id: "CVE-2016-0790", lastModified: "2024-11-21T02:42:23.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", 
confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:01.927", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:0070 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1147766 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/96975 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:0070 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1147766 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96975 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "D2155ABA-1B6A-4A9E-8493-D10B82367F5A", versionEndExcluding: "1.565.3", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "C7776A17-C1CB-4CD3-A9B4-5D60DF9651F6", versionEndExcluding: "1.583", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2014-3681", lastModified: "2024-11-21T02:08:38.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-15T14:55:07.760", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third 
Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2015:1650 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2015:1650 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "ED7B0E8D-42EE-4353-AE46-77C267F7D2D2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad en Red Hat OpenShift Enterprise 3.0.0.0 no verifica correctamente los permisos lo cual permite a usuarios remotos autenticados con permisos de creación ejecutar arbitrariamente comandos shell con permisos root sobre pods creados a través de vectores no especificados.", }, ], id: "CVE-2015-5222", lastModified: "2024-11-21T02:32:35.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 8.5, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-24T14:59:07.557", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2015:1650", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2015:1650", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 2 no incluye el indicador HTTPOnly en el encabezado Set-Cookie para la cookie GEARID, lo que hace más fácil para el atacante remoto obtener información potencialmente sensible a través del acceso con secuencias de comandos a los cookies.", }, ], id: "CVE-2016-5409", lastModified: "2024-11-21T02:54:15.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-20T17:59:00.383", references: [ { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/97988", }, { 
source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/97988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ cisaActionDue: "2023-06-02", cisaExploitAdd: "2023-05-12", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Jenkins User Interface (UI) Information Disclosure Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", }, { lang: "es", value: "Las páginas Fingerprints en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 podrían permitir a atacantes remotos obtener trabajo sensible y construir la información de nombre a través de una petición directa.", }, ], id: "CVE-2015-5317", lastModified: "2024-11-21T02:32:47.013", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:07.680", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1813788 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1813788 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "CB125B9C-10F1-449D-9583-B7AA7D70A943", versionEndExcluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.", }, { lang: "es", value: "Se encontró un fallo en la consola web de OpenShift, donde el token de acceso es guardado en el almacenamiento local del navegador. Un atacante puede usar este fallo para obtener el token de acceso por medio de un acceso físico o un ataque de tipo XSS en el navegador de la víctima. Este fallo afecta a openshift/console versiones anteriores a openshift/console-4", }, ], id: "CVE-2020-1761", lastModified: "2024-11-21T05:11:19.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, 
impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T20:15:08.030", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-358", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | Issue Tracking, Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://github.com/kubernetes/kubernetes/pull/18909 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/pull/18909 | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
kubernetes | kubernetes | - | |
redhat | openshift | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*", matchCriteriaId: "14C32308-314D-4E0D-B15F-6A68DF21E9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.", }, { lang: "es", value: "Kubernetes en OpenShift3 permite que atacantes remotos autenticados empleen las imágenes privadas de otros usuarios si conocen el nombre de dicha imagen.", }, ], id: "CVE-2015-7561", lastModified: "2024-11-21T02:36:59.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-07T17:29:00.410", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1291963", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/pull/18909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/pull/18909", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{ cisaActionDue: "2023-10-31", cisaExploitAdd: "2023-10-10", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "HTTP/2 Rapid Reset Attack Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D5200E35-222B-42E0-83E0-5B702684D992", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", matchCriteriaId: "C3BDC297-F023-4E87-8518-B84CCF9DD6A8", versionEndExcluding: "1.57.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", matchCriteriaId: "D12D5257-7ED2-400F-9EF7-40E0D3650C2B", versionEndExcluding: "4.1.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*", matchCriteriaId: "1B058776-B5B7-4079-B0AF-23F40926DCEC", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*", matchCriteriaId: "6D565975-EFD9-467C-B6E3-1866A4EF17A4", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*", matchCriteriaId: "6D487271-1B5E-4F16-B0CB-A7B8908935C6", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*", matchCriteriaId: "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "A4A6F189-6C43-462D-85C9-B0EBDA8A4683", versionEndExcluding: "9.4.53", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "C993C920-85C0-4181-A95E-5D965A670738", versionEndExcluding: "10.0.17", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "08E79A8E-E12C-498F-AF4F-1AAA7135661E", versionEndExcluding: "11.0.17", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "F138D800-9A3B-4C76-8A3C-4793083A1517", versionEndExcluding: "12.0.2", versionStartIncluding: "12.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*", matchCriteriaId: "6341DDDA-AD27-4087-9D59-0A212F0037B4", versionEndExcluding: "2.7.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "328120E4-C031-44B4-9BE5-03B0CDAA066F", versionEndExcluding: "1.20.10", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A", versionEndExcluding: "1.21.3", versionStartIncluding: "1.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*", matchCriteriaId: "D7D2F801-6F65-4705-BCB9-D057EA54A707", versionEndExcluding: "0.17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", matchCriteriaId: "801F25DA-F38C-4452-8E90-235A3B1A5FF0", versionEndExcluding: "0.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D93F04AD-DF14-48AB-9F13-8B2E491CF42E", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7522C760-7E07-406F-BF50-5656D5723C4F", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"3A7F605E-EB10-40FB-98D6-7E3A95E310BC", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "783E62F2-F867-48F1-B123-D1227C970674", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6603ED6A-3366-4572-AFCD-B3D4B1EC7606", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "88978E38-81D3-4EFE-8525-A300B101FA69", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0510296F-92D7-4388-AE3A-0D9799C2FC4D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D7698D6C-B1F7-43C1-BBA6-88E956356B3D", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "05E452AA-A520-4CBE-8767-147772B69194", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "596FC5D5-7329-4E39-841E-CAE937C02219", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "B3C7A168-F370-441E-8790-73014BCEC39F", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "CF16FD01-7704-40AB-ACB2-80A883804D22", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "9167FEC1-2C37-4946-9657-B4E69301FB24", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "7B4B3442-E0C0-48CD-87AD-060E15C9801E", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "20662BB0-4C3D-4CF0-B068-3555C65DD06C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "59203EBF-C52A-45A1-B8DF-00E17E3EFB51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C8F39403-C259-4D6F-9E9A-53671017EEDB", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "220F2D38-FA82-45EF-B957-7678C9FEDBC1", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5C698C1C-A3DD-46E2-B05A-12F2604E7F85", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "922AA845-530A-4B4B-9976-4CBC30C8A324", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F938EB43-8373-47EB-B269-C6DF058A9244", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1771493E-ACAA-477F-8AB4-25DB12F6AD6E", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "87670A74-34FE-45DF-A725-25B804C845B3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "C7E422F6-C4C2-43AC-B137-0997B5739030", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "CC3F710F-DBCB-4976-9719-CF063DA22377", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "67DB21AE-DF53-442D-B492-C4ED9A20B105", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "4C9FCBCB-9CE0-49E7-85C8-69E71D211912", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "112DFA85-90AD-478D-BD70-8C7C0C074F1B", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "21D51D9F-2840-4DEA-A007-D20111A1745C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7BC1D037-74D2-4F92-89AD-C90F6CBF440B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866", versionEndIncluding: 
"13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "2FBCE2D1-9D93-415D-AB2C-2060307C305A", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "8070B469-8CC4-4D2F-97D7-12D0ABB963C1", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "A326597E-725D-45DE-BEF7-2ED92137B253", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7B235A78-649B-46C5-B24B-AB485A884654", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "08B25AAB-A98C-4F89-9131-29E3A8C0ED23", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "98D2CE1E-DED0-470A-AA78-C78EF769C38E", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66", 
versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "BC36311E-BB00-4750-85C8-51F5A2604F07", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "A65D357E-4B40-42EC-9AAA-2B6CEF78C401", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "ABBD10E8-6054-408F-9687-B9BF6375CA09", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E6018B01-048C-43BB-A78D-66910ED60CA9", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "83794B04-87E2-4CA9-81F5-BB820D0F5395", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", 
matchCriteriaId: "D9EC2237-117F-43BD-ADEC-516CF72E04EF", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "29563719-1AF2-4BB8-8CCA-A0869F87795D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D24815DD-579A-46D1-B9F2-3BB2C56BC54D", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0A6E7035-3299-474F-8F67-945EA9A059D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0360F76D-E75E-4B05-A294-B47012323ED9", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7A4607BF-41AC-4E84-A110-74E085FF0445", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "441CC945-7CA3-49C0-AE10-94725301E31D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*", 
matchCriteriaId: "969C4F14-F6D6-46D6-B348-FC1463877680", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "41AD5040-1250-45F5-AB63-63F333D49BCC", versionEndIncluding: "1.8.2", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8257AA59-C14D-4EC1-B22C-DFBB92CBC297", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FFF5007E-761C-4697-8D34-C064DF0ABE8D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "910441D3-90EF-4375-B007-D51120A60AB2", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "667EB77B-DA13-4BA4-9371-EE3F3A109F38", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "8A6F9699-A485-4614-8F38-5A556D31617E", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "5A90F547-97A2-41EC-9FDF-25F869F0FA38", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "E76E1B82-F1DC-4366-B388-DBDF16C586A0", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "660137F4-15A1-42D1-BBAC-99A1D5BB398B", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "C446827A-1F71-4FAD-9422-580642D26AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D47B7691-A95B-45C0-BAB4-27E047F3C379", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "2CD1637D-0E42-4928-867A-BA0FDB6E8462", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "3A599F90-F66B-4DF0-AD7D-D234F328BD59", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3D1B2000-C3FE-4B4C-885A-A5076EB164E1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", 
matchCriteriaId: "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB23AE6-245E-43D6-B832-933F8259F937", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "1188B4A9-2684-413C-83D1-E91C75AE0FCF", versionEndIncluding: "1.25.2", versionStartIncluding: "1.9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3337609D-5291-4A52-BC6A-6A8D4E60EB20", versionEndIncluding: "2.4.2", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527", versionEndIncluding: "3.3.0", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "F291CB34-47A4-425A-A200-087CC295AEC8", versionEndExcluding: "r29", versionStartIncluding: "r25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*", matchCriteriaId: "5892B558-EC3A-43FF-A1D5-B2D9F70796F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", matchCriteriaId: "96BF2B19-52C7-4051-BA58-CAE6F912B72F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B", versionEndIncluding: "8.5.93", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34", versionEndIncluding: "9.0.80", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "0765CC3D-AB1A-4147-8900-EF4C105321F2", versionEndIncluding: "10.1.13", versionStartIncluding: "10.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", matchCriteriaId: "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", matchCriteriaId: "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", matchCriteriaId: "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", matchCriteriaId: "2AAD52CE-94F5-4F98-A027-9A7E68818CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", matchCriteriaId: "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", matchCriteriaId: "03A171AF-2EC8-4422-912C-547CDB58CAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", matchCriteriaId: "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", matchCriteriaId: "49350A6E-5E1D-45B2-A874-3B8601B3ADCC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", matchCriteriaId: "5F50942F-DF54-46C0-8371-9A476DD3EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", matchCriteriaId: "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", matchCriteriaId: "98792138-DD56-42DF-9612-3BDC65EEC117", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*", matchCriteriaId: "08190072-3880-4EF5-B642-BA053090D95B", versionEndExcluding: "1.28.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", matchCriteriaId: "5F4CDEA9-CB47-4881-B096-DA896E2364F3", versionEndExcluding: "1.56.3", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", matchCriteriaId: "E65AF7BC-7DAE-408A-8485-FBED22815F75", versionEndIncluding: "1.59.2", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", matchCriteriaId: "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC", versionEndExcluding: "1.58.3", versionStartIncluding: "1.58.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*", matchCriteriaId: "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD", versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "8DF7ECF6-178D-433C-AA21-BAE9EF248F37", versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1C3418F4-B8BF-4666-BB39-C188AB01F45C", versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA", versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*", matchCriteriaId: "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314", versionEndExcluding: "2023-10-08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "16A8F269-E07E-402F-BFD5-60F3988A5EAF", versionEndExcluding: "17.2.20", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: 
"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8", versionEndExcluding: "17.4.12", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "DA5834D4-F52F-41C0-AA11-C974FFEEA063", versionEndExcluding: "17.6.8", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "2166106F-ACD6-4C7B-B0CC-977B83CC5F73", versionEndExcluding: "17.7.5", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F", versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1", versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", matchCriteriaId: "E500D59C-6597-45E9-A57B-BE26C0C231D3", versionEndExcluding: "10.0.17763.4974", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "C9F9A643-90C6-489C-98A0-D2739CE72F86", versionEndExcluding: "10.0.19044.3570", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "1814619C-ED07-49E0-A50A-E28D824D43BC", versionEndExcluding: "10.0.19045.3570", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "100A27D3-87B0-4E72-83F6-7605E3F35E63", versionEndExcluding: "10.0.22000.2538", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A36795-0238-45C9-ABE6-3DCCF751915B", versionEndExcluding: "10.0.22621.2428", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { 
criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "C61F0294-5C7E-4DB2-8905-B85D0782F35F", versionEndExcluding: "18.18.2", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388", versionEndExcluding: "20.8.1", versionStartIncluding: "20.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", matchCriteriaId: "B25279EF-C406-4133-99ED-0492703E0A4E", versionEndExcluding: "2023-10-11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5", versionEndExcluding: "2023-10-10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*", matchCriteriaId: "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C", versionEndExcluding: "2023.10.16.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*", matchCriteriaId: "EDEB508E-0EBD-4450-9074-983DDF568AB4", versionEndExcluding: "3.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", matchCriteriaId: "93A1A748-6C71-4191-8A16-A93E94E2CDE4", versionEndExcluding: "8.1.9", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A", versionEndExcluding: "9.2.3", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*", matchCriteriaId: "6F70360D-6214-46BA-AF82-6AB01E13E4E9", versionEndExcluding: "2.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82", versionEndExcluding: "4.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF", versionEndExcluding: "1.17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "F0C8E760-C8D2-483A-BBD4-6A6D292A3874", versionEndExcluding: "1.18.3", versionStartIncluding: "1.18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7", versionEndExcluding: "1.19.1", versionStartIncluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", matchCriteriaId: "050AE218-3871-44D6-94DA-12D84C2093CB", versionEndExcluding: "2023-10-10", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "B36BFFB0-C0EC-4926-A1DB-0B711C846A68", versionEndExcluding: "2.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*", matchCriteriaId: "FC4C66B1-42C0-495D-AE63-2889DE0BED84", versionEndExcluding: "2023-10-11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "8633E263-F066-4DD8-A734-90207207A873", versionEndIncluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "27ED3533-A795-422F-B923-68BE071DC00D", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "45F7E352-3208-4188-A5B1-906E00DF9896", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "DF89A8AD-66FE-439A-B732-CAAB304D765B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", matchCriteriaId: "A400C637-AF18-4BEE-B57C-145261B65DEC", versionEndExcluding: 
"1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", matchCriteriaId: "653A5B08-0D02-4362-A8B1-D00B24C6C6F2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", matchCriteriaId: "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F0FD736A-8730-446A-BA3A-7B608DB62B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F4C504B6-3902-46E2-82B7-48AEC9CDD48D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B4BE2D6-43C3-4065-A213-5DB1325DC78F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*", matchCriteriaId: "1D54F5AE-61EC-4434-9D5F-9394A3979894", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", matchCriteriaId: "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4E37E1B3-6F68-4502-85D6-68333643BDFF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "6D5A7736-A403-4617-8790-18E46CB74DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "33F13B03-69BF-4A8B-A0A0-7F47FD857461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "9393119E-F018-463F-9548-60436F104195", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E567CD9F-5A43-4D25-B911-B5D0440698F4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", matchCriteriaId: "68146098-58F8-417E-B165-5182527117C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "CB4D6790-63E5-4043-B8BE-B489D649061D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*", matchCriteriaId: "78698F40-0777-4990-822D-02E1B5D0E2C0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", matchCriteriaId: "B87C8AD3-8878-4546-86C2-BF411876648C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*", matchCriteriaId: "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", matchCriteriaId: "A58966CB-36AF-4E64-AB39-BE3A0753E155", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*", matchCriteriaId: "585BC540-073B-425B-B664-5EA4C00AFED6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72A54BDA-311C-413B-8E4D-388AD65A170A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40CCE4F-EA2C-453D-BB76-6388767E5C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "EF93A27E-AA2B-4C2E-9B8D-FE7267847326", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "2B12A3A8-6456-481A-A0C9-524543FCC149", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*", matchCriteriaId: "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*", matchCriteriaId: "4E22EBF9-AA0D-4712-9D69-DD97679CE835", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*", matchCriteriaId: "941B114C-FBD7-42FF-B1D8-4EA30E99102C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "339CFB34-A795-49F9-BF6D-A00F3A1A4F63", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "8D044DBE-6F5A-4C53-828E-7B1A570CACFF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*", matchCriteriaId: "65203CA1-5225-4E55-A187-6454C091F532", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", matchCriteriaId: "7BF8EFFB-5686-4F28-A68F-1A8854E098CE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5DA9B2E2-958B-478D-87D6-E5CDDCD44315", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*", matchCriteriaId: "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", matchCriteriaId: "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*", matchCriteriaId: "DF390236-3259-4C8F-891C-62ACC4386CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", matchCriteriaId: "C0AAA300-691A-4957-8B69-F6888CC971B1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", matchCriteriaId: "45937289-2D64-47CB-A750-5B4F0D4664A0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*", matchCriteriaId: "B129311C-EB4B-4041-B85C-44D5E53FCAA3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", matchCriteriaId: "77675CB7-67D7-44E9-B7FF-D224B3341AA5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*", matchCriteriaId: "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", matchCriteriaId: "9C877879-B84B-471C-80CF-0656521CA8AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", matchCriteriaId: "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", matchCriteriaId: 
"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", matchCriteriaId: "E315FC5C-FF19-43C9-A58A-CF2A5FF13824", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1987BDA-0113-4603-B9BE-76647EB043F2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", matchCriteriaId: "848C92A9-0677-442B-8D52-A448F2019903", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "6F564701-EDC1-43CF-BB9F-287D6992C6CB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", matchCriteriaId: "12B0CF2B-D1E1-4E20-846E-6F0D873499A9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*", matchCriteriaId: "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*", matchCriteriaId: "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", 
}, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*", matchCriteriaId: "A903C3AD-2D25-45B5-BF4A-A5BEB2286627", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", matchCriteriaId: "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*", matchCriteriaId: "C2792650-851F-4820-B003-06A4BEA092D7", versionEndExcluding: "10.5.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1", versionEndExcluding: "3.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "E6FF5F80-A991-43D4-B49F-D843E2BC5798", versionEndIncluding: "2.414.2", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", matchCriteriaId: "54D25DA9-12D0-4F14-83E6-C69D0293AAB9", versionEndIncluding: "2.427", vulnerable: true, }, ], 
negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", matchCriteriaId: "8E1AFFB9-C717-4727-B0C9-5A0C281710E2", versionEndExcluding: "9.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", matchCriteriaId: "25C85001-E0AB-4B01-8EE7-1D9C77CD956E", versionEndExcluding: "1.21.4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*", matchCriteriaId: "F98F9D27-6659-413F-8F29-4FDB0882AAC5", versionEndExcluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C98BF315-C563-47C2-BAD1-63347A3D1008", versionEndExcluding: "4.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*", matchCriteriaId: "705CBA49-21C9-4400-B7B9-71CDF9F97D8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "AA2BE0F1-DD16-4876-8EBA-F187BD38B159", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "796B6C58-2140-4105-A2A1-69865A194A75", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*", matchCriteriaId: "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", matchCriteriaId: "6560DBF4-AFE6-4672-95DE-74A0B8F4170A", versionEndExcluding: "x14.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "84785919-796D-41E5-B652-6B5765C81D4A", versionEndExcluding: "7.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*", matchCriteriaId: 
"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E", versionEndExcluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD", versionEndExcluding: "9.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "4FE2F959-1084-48D1-B1F1-8182FC9862DD", versionEndExcluding: "7.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "1BB6B48E-EA36-40A0-96D0-AF909BEC1147", versionEndExcluding: "11.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*", matchCriteriaId: "2CBED844-7F94-498C-836D-8593381A9657", versionEndExcluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510", versionEndExcluding: "2.19.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", matchCriteriaId: "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA", versionEndExcluding: "x14.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*", matchCriteriaId: "BFF2D182-7599-4B81-B56B-F44EDA1384C0", versionEndExcluding: "2024.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*", matchCriteriaId: "4868BCCA-24DE-4F24-A8AF-B3A545C0396E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*", matchCriteriaId: "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A", versionEndExcluding: "2024.02.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20", versionEndExcluding: "2024.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*", matchCriteriaId: "B6638F4E-16F7-447D-B755-52640BCB1C61", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "AC34F742-530E-4AB4-8AFC-D1E088E256B4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", matchCriteriaId: "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*", matchCriteriaId: "E22AD683-345B-4E16-BB9E-E9B1783E09AD", versionEndExcluding: "12.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*", matchCriteriaId: "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*", matchCriteriaId: "2955BEE9-F567-4006-B96D-92E10FF84DB4", versionEndExcluding: "1.22", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "67502878-DB20-4410-ABA0-A1C5705064CD", versionEndExcluding: "17.15.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", matchCriteriaId: "177DED2D-8089-4494-BDD9-7F84FC06CD5B", versionEndExcluding: "7.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54A29FD3-4128-4333-8445-A7DD04A6ECF6", versionEndExcluding: "15.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "67074526-9933-46B3-9FE3-A0BE73C5E8A7", vulnerable: false, }, ], 
negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9", versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88", versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", matchCriteriaId: "528ED62B-D739-4E06-AC64-B506FD73BBAB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*", matchCriteriaId: "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", matchCriteriaId: "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", matchCriteriaId: "76C10D85-88AC-4A79-8866-BED88A0F8DF8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", matchCriteriaId: "09AC2BAD-F536-48D0-A2F0-D4E290519EB6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", matchCriteriaId: "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", matchCriteriaId: "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", matchCriteriaId: "5F4E8EE4-031D-47D3-A12E-EE5F792172EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", matchCriteriaId: "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", matchCriteriaId: "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", matchCriteriaId: 
"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", matchCriteriaId: "D14D4B4E-120E-4607-A4F1-447C7BF3052E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", matchCriteriaId: "15702ACB-29F3-412D-8805-E107E0729E35", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", matchCriteriaId: "4E930332-CDDD-48D5-93BC-C22D693BBFA2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*", matchCriteriaId: "29B34855-D8D2-4114-80D2-A4D159C62458", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", matchCriteriaId: "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", matchCriteriaId: "F4226DA0-9371-401C-8247-E6E636A116C3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", matchCriteriaId: "7664666F-BCE4-4799-AEEA-3A73E6AD33F4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", matchCriteriaId: "D3DBBFE9-835C-4411-8492-6006E74BAC65", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", matchCriteriaId: "B3293438-3D18-45A2-B093-2C3F65783336", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", matchCriteriaId: "C97C29EE-9426-4BBE-8D84-AB5FF748703D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "E142C18F-9FB5-4D96-866A-141D7D16CAF7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "8F43B770-D96C-44EA-BC12-9F39FC4317B9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", matchCriteriaId: "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", matchCriteriaId: 
"7817F4E6-B2DA-4F06-95A4-AF329F594C02", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", matchCriteriaId: "CED628B5-97A8-4B26-AA40-BEC854982157", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "7BB9DD73-E31D-4921-A6D6-E14E04703588", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "8EFC116A-627F-4E05-B631-651D161217C8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", matchCriteriaId: "4532F513-0543-4960-9877-01F23CA7BA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", matchCriteriaId: "0B43502B-FD53-465A-B60F-6A359C6ACD99", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", matchCriteriaId: "32A532C0-B0E3-484A-B356-88970E7D0248", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*", matchCriteriaId: "1C84D24C-2256-42AF-898A-221EBE9FE1E4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", matchCriteriaId: "652A2849-668D-4156-88FB-C19844A59F33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*", matchCriteriaId: "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", matchCriteriaId: "24FBE87B-8A4F-43A8-98A3-4A7D9C630937", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", matchCriteriaId: "6ACD09AC-8B28-4ACB-967B-AB3D450BC137", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", matchCriteriaId: "43913A0E-50D5-47DD-94D8-DD3391633619", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", matchCriteriaId: "7D397349-CCC6-479B-9273-FB1FFF4F34F2", 
vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", matchCriteriaId: "DC7286A7-780F-4A45-940A-4AD5C9D0F201", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", matchCriteriaId: "CA52D5C1-13D8-4D23-B022-954CCEF491F1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "5F7AF8D7-431B-43CE-840F-CC0817D159C0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", matchCriteriaId: "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", matchCriteriaId: "A8E1073F-D374-4311-8F12-AD8C72FAA293", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", matchCriteriaId: "EAF5AF71-15DF-4151-A1CF-E138A7103FC8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", matchCriteriaId: "10F80A72-AD54-4699-B8AE-82715F0B58E2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", matchCriteriaId: "E505C0B1-2119-4C6A-BF96-C282C633D169", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", matchCriteriaId: "088C0323-683A-44F5-8D42-FF6EC85D080E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", matchCriteriaId: "74CB4002-7636-4382-B33E-FBA060A13C34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", matchCriteriaId: "915EF8F6-6039-4DD0-B875-30D911752B74", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "10CEBF73-3EE0-459A-86C5-F8F6243FE27C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "97217080-455C-48E4-8CE1-6D5B9485864F", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", matchCriteriaId: "95D2C4C3-65CE-4612-A027-AF70CEFC3233", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", matchCriteriaId: "57572E4A-78D5-4D1A-938B-F05F01759612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9", versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88", versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", matchCriteriaId: "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "532CE4B0-A3C9-4613-AAAF-727817D06FB4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*", matchCriteriaId: "24CA1A59-2681-4507-AC74-53BD481099B9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4283E433-7F8C-4410-B565-471415445811", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*", matchCriteriaId: "FFB9FDE8-8533-4F65-BF32-4066D042B2F7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", matchCriteriaId: "F80AB6FB-32FD-43D7-A9F1-80FA47696210", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "3AA5389A-8AD1-476E-983A-54DF573C30F5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", matchCriteriaId: 
"D5B2E4C1-2627-4B9D-8E92-4B483F647651", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*", matchCriteriaId: "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", matchCriteriaId: "557ED31C-C26A-4FAE-8B14-D06B49F7F08B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", matchCriteriaId: "11411BFD-3F4D-4309-AB35-A3629A360FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DB2FFD26-8255-4351-8594-29D2AEFC06EF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", matchCriteriaId: "E663DE91-C86D-48DC-B771-FA72A8DF7A7C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "61E10975-B47E-4F4D-8096-AEC7B7733612", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "A90184B3-C82F-4CE5-B2AD-97D5E4690871", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", matchCriteriaId: "40E40F42-632A-47DF-BE33-DC25B826310B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", matchCriteriaId: "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", 
matchCriteriaId: "16C64136-89C2-443C-AF7B-BED81D3DE25A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", matchCriteriaId: "BBEF7F26-BB47-44BD-872E-130820557C23", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", matchCriteriaId: "07DE6F63-2C7D-415B-8C34-01EC05C062F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "182000E0-8204-4D8B-B7DE-B191AFE12E28", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", matchCriteriaId: "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", matchCriteriaId: "F423E45D-A6DD-4305-9C6A-EAB26293E53A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "BDC208BC-7E19-48C6-A20E-A79A51B7362C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "102F91CD-DFB6-43D4-AE5B-DA157A696230", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "E952A96A-0F48-4357-B7DD-1127D8827650", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "084D0191-563B-4FF0-B589-F35DA118E1C6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DB6FC5-762A-4F16-AE8C-69330EFCF640", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "F70D81F1-8B12-4474-9060-B4934D8A3873", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", matchCriteriaId: "5394DE31-3863-4CA9-B7B1-E5227183100D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "968390BC-B430-4903-B614-13104BFAE635", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "7349D69B-D8FA-4462-AA28-69DD18A652D9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", matchCriteriaId: "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", matchCriteriaId: "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", matchCriteriaId: "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", matchCriteriaId: "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "91231DC6-2773-4238-8C14-A346F213B5E5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", matchCriteriaId: "2DF88547-BAF4-47B0-9F60-80A30297FCEB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", matchCriteriaId: "02C3CE6D-BD54-48B1-A188-8E53DA001424", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", matchCriteriaId: "498991F7-39D6-428C-8C7D-DD8DC72A0346", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", matchCriteriaId: "113772B6-E9D2-4094-9468-3F4E1A87D07D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "F7B90D36-5124-4669-8462-4EAF35B0F53D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "C45A38D6-BED6-4FEF-AD87-A1E813695DE0", vulnerable: false, }, { 
criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "F1FC2B1F-232E-4754-8076-CC82F3648730", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", matchCriteriaId: "5F1127D2-12C0-454F-91EF-5EE334070D06", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*", matchCriteriaId: "7D6EB963-E0F2-4A02-8765-AB2064BE19E9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", matchCriteriaId: "785FD17C-F32E-4042-9DDE-A89B3AAE0334", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DEAAF99B-5406-4722-81FB-A91CBAC2DF41", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", matchCriteriaId: "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", matchCriteriaId: "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", matchCriteriaId: "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "2CF467E2-4567-426E-8F48-39669E0F514C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", matchCriteriaId: "63842B25-8C32-4988-BBBD-61E9CB09B4F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", matchCriteriaId: "40D6DB7F-C025-4971-9615-73393ED61078", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", matchCriteriaId: "4364ADB9-8162-451D-806A-B98924E6B2CF", vulnerable: 
false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B53BCB42-ED61-4FCF-8068-CB467631C63C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "737C724A-B6CD-4FF7-96E0-EBBF645D660E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "7067AEC7-DFC8-4437-9338-C5165D9A8F36", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", matchCriteriaId: "49E0371B-FDE2-473C-AA59-47E1269D050F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", matchCriteriaId: "489D11EC-5A18-4F32-BC7C-AC1FCEC27222", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "71D4CF15-B293-4403-A1A9-96AD3933BAEF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DBCC1515-2DBE-4DF2-8E83-29A869170F36", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", matchCriteriaId: "1BC5293E-F2B4-46DC-85DA-167EA323FCFD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "7282AAFF-ED18-4992-AC12-D953C35EC328", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", matchCriteriaId: "EA022E77-6557-4A33-9A3A-D028E2DB669A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "360409CC-4172-4878-A76B-EA1C1F8C7A79", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", matchCriteriaId: "D8D5D5E2-B40B-475D-9EF3-8441016E37E9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*", matchCriteriaId: "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", matchCriteriaId: "63BE0266-1C00-4D6A-AD96-7F82532ABAA7", vulnerable: false, 
}, { criteria: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "73F59A4B-AE92-4533-8EDC-D1DD850309FF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "492A2C86-DD38-466B-9965-77629A73814F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "1FB7AA46-4018-4925-963E-719E1037F759", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", matchCriteriaId: "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CB270C45-756E-400A-979F-D07D750C881A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8A085C-2DBA-4269-AB01-B16019FBB4DA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "A79DD582-AF68-44F1-B640-766B46EF2BE2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*", matchCriteriaId: "B04484DA-AA59-4833-916E-6A8C96D34F0D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", matchCriteriaId: "768BE390-5ED5-48A7-9E80-C4DE8BA979B1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "D07B5399-44C7-468D-9D57-BB5B5E26CE50", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", matchCriteriaId: "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "B76FB64F-16F0-4B0B-B304-B46258D434BA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", matchCriteriaId: "7E02DC82-0D26-436F-BA64-73C958932B0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*", matchCriteriaId: 
"2E128053-834B-4DD5-A517-D14B4FC2B56F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*", matchCriteriaId: "163743A1-09E7-4EC5-8ECA-79E4B9CE173B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*", matchCriteriaId: "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "C367BBE0-D71F-4CB5-B50E-72B033E73FE1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*", matchCriteriaId: "85E1D224-4751-4233-A127-A041068C804A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*", matchCriteriaId: "BD31B075-01B1-429E-83F4-B999356A0EB9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", matchCriteriaId: "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", matchCriteriaId: "3284D16F-3275-4F8D-8AE4-D413DE19C4FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, { lang: "es", value: "El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023.", }, ], id: "CVE-2023-44487", lastModified: "2024-12-20T17:40:52.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-10T14:15:10.883", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { source: 
"cve@mitre.org", tags: [ "Technical Description", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { source: "cve@mitre.org", tags: [ "Technical Description", ], url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/Azure/AKS/issues/3947", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/Kong/kong/discussions/11741", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/akka/akka-http/issues/4323", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/apache/apisix/issues/10320", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/apache/httpd-site/pull/10", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { source: 
"cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", ], url: "https://github.com/dotnet/announcements/issues/277", }, { source: "cve@mitre.org", tags: [ "Product", "Release Notes", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/facebook/proxygen/pull/466", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/golang/go/issues/63417", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/h2o/h2o/pull/3291", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { 
source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/line/armeria/pull/5232", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/micrictor/http2-rst-stream", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/nodejs/node/pull/50121", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/openresty/openresty/issues/930", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: 
"https://github.com/opensearch-project/data-prepper/issues/3474", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37830987", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37830998", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37831062", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37837043", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { source: "cve@mitre.org", tags: [ 
"Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Mitigation", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing 
List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/Azure/AKS/issues/3947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/Kong/kong/discussions/11741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/akka/akka-http/issues/4323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/apisix/issues/10320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/httpd-site/pull/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://github.com/bcdannyboy/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://github.com/dotnet/announcements/issues/277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/facebook/proxygen/pull/466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/golang/go/issues/63417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/h2o/h2o/pull/3291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://github.com/haproxy/haproxy/issues/2312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/line/armeria/pull/5232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/micrictor/http2-rst-stream", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], 
url: "https://github.com/ninenines/cowboy/issues/1615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/nodejs/node/pull/50121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/openresty/openresty/issues/930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: 
"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37830987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Press/Media Coverage", ], url: "https://news.ycombinator.com/item?id=37830998", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37831062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37837043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20231016-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.debian.org/security/2023/dsa-5540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*", matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in OpenShift 4.2 is vulnerable.", }, { lang: "es", value: "Durante la instalación de un clúster de OpenShift versión 4, la herramienta de línea de comando \"openshift-install\" crea un directorio \"auth\", con los archivos \"kubeconfig\" y \"kubeadmin-password\". Ambos archivos contienen credenciales usadas para autenticarse en el servidor de la API OpenShift, y se les asignaron permisos world-readable inapropiadamente. 
ose-installer como es incluido en Openshift versión 4.2 es vulnerable.", }, ], id: "CVE-2019-19335", lastModified: "2024-11-21T04:34:35.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-18T16:15:11.677", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335", }, ], sourceIdentifier: "secalert@redhat.com", 
vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7", versionEndIncluding: "1.580.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9", versionEndIncluding: "1.599", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.", }, { lang: "es", value: "La secuencia de comandos del filtro de combinación Groovy en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados con permisos de configuración de trabajo obtener privilegios y ejecutar código arbitrario en el maestro a través de vectores no especificados.", }, ], id: "CVE-2015-1806", lastModified: "2024-11-21T02:26:11.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: 
"2015-10-16T20:59:04.527", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E", versionEndIncluding: "1.639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", }, { lang: "es", value: "Vulnerabilidad de CSRF en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que tienen un impacto no especificado a través de vectores relacionados con el método HTTP GET.", }, ], id: "CVE-2015-7537", lastModified: "2024-11-21T02:36:56.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: 
false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-03T18:59:02.007", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
kubernetes | kubernetes | * | |
redhat | openshift | 3.0 | |
redhat | openshift | 3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:kubernetes:*:alpha.4:*:*:*:*:*:*", matchCriteriaId: "EE0A7C28-C2DF-4AFE-9F81-BA38AC6ADA9B", versionEndIncluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.", }, { lang: "es", value: "Kubernetes en versiones anteriores a 1.2.0-alpha.5 permite a atacantes remotos leer logs de pod arbitrarios a través de un nombre de contenedor.", }, ], id: "CVE-2015-7528", lastModified: "2024-11-21T02:36:55.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", 
}, ], }, published: "2016-04-11T21:59:09.337", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2015:2544", }, { source: "secalert@redhat.com", url: "https://github.com/kubernetes/kubernetes/pull/17886", }, { source: "secalert@redhat.com", url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5", }, { source: "secalert@redhat.com", url: "https://github.com/openshift/origin/pull/6113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2015:2544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/kubernetes/kubernetes/pull/17886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin/pull/6113", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-0163 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-0163 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.", }, { lang: "es", value: "OpenShift presenta fallos de inyección de comandos de shell debido a que los datos no saneados son pasados a los comandos de shell.", }, ], id: "CVE-2014-0163", lastModified: "2024-11-21T02:01:30.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-11T16:15:10.417", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0163", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor 
Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:1.642.1:*:*:*:lts:*:*:*", matchCriteriaId: "8B87EA57-C12B-4329-B969-2867803D0BA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.", }, { lang: "es", value: "El módulo remoting en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos ejecutar código arbitrario abriendo un listener JRMP.", }, ], id: "CVE-2016-0788", lastModified: "2024-11-21T02:42:23.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:00.083", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF", versionEndExcluding: "4.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/mediawiki. 
Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.", }, ], id: "CVE-2020-1709", lastModified: "2024-11-21T05:11:12.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-20T15:15:13.717", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709", }, ], sourceIdentifier: 
"secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.2 y 3.1 no valida correctamente el origen de una petición cuando el acceso anónimo está concedido para una API service/proxy o pod/proxy para un pod específico, lo que permite a atacantes remotos acceder a credenciales de la API en el explorador web localStorage a través de un token de acceso en el parámetro query.", }, ], id: "CVE-2016-3703", lastModified: "2024-11-21T02:50:32.157", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:04.703", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1095", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010895 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010895 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "3A7E8F79-818A-48A9-85EF-C288C9B498CD", versionEndIncluding: "21.0.7.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "6AD41BDB-D7C2-408F-A62E-B0B232D1B5AA", versionEndIncluding: "23.0.5", versionStartIncluding: "23.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "826E2455-8E66-44DE-8247-6941587E9031", versionEndIncluding: "21.0.7.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "D4401320-D4FC-4BB4-B282-870E5B5C3AAD", versionEndIncluding: "23.0.5", versionStartIncluding: "23.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "5E487A1C-74C8-4AEF-A0CF-2088EB4AE7AE", versionEndIncluding: "21.0.7.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "CA019BF9-1C55-4719-8124-C5620E8BB20B", versionEndIncluding: "23.0.5", versionStartIncluding: "23.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. 
IBM X-Force ID: 259368.", }, ], id: "CVE-2023-35900", lastModified: "2024-11-21T08:08:57.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-19T01:15:10.747", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7010895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7010895", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-0023 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-0023 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution", }, { lang: "es", value: "OpenShift: el script de instalación tiene una vulnerabilidad de creación de archivos temporales que puede resultar en la ejecución de código arbitrario", }, ], id: "CVE-2014-0023", lastModified: "2024-11-21T02:01:11.917", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-15T15:15:11.873", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0023", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/READ obtener el valor por defecto para el campo password de un trabajo parametrizado leyendo el DOM.", }, ], id: "CVE-2014-3680", lastModified: "2024-11-21T02:08:38.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:08.190", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, 
{ source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2014-3663", lastModified: "2024-11-21T02:08:36.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:08.017", references: [ { source: "secalert@redhat.com", url: 
"https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1009734 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1009734 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.", }, { lang: "es", value: "(1) oo-analytics-export y (2) oo-analytics-import en el paquete openshift-origin-broker-util en Red Hat OpenShift Enterprise 1 y 2 permiten que los usuarios locales provoquen un impacto sin especificar mediante un ataque symlink en un archivo no especificado en /tmp.", }, ], id: "CVE-2013-4364", lastModified: "2024-11-21T01:55:25.813", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: 
"Primary", }, ], }, published: "2018-01-08T19:29:00.190", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:2064 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://github.com/kubernetes/kubernetes/issues/34517 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2064 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/34517 | Exploit, Patch, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
kubernetes | kubernetes | - | |
redhat | openshift | 3.1 | |
redhat | openshift | 3.2 | |
redhat | openshift | 3.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*", matchCriteriaId: "14C32308-314D-4E0D-B15F-6A68DF21E9F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "84C890EC-229B-458B-AEF7-EA03C6248A25", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.", }, { lang: "es", value: "Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. 
Un atacante podría emplear este error para omitir los requisitos de autenticación mediante el uso de un certificado X.509 especialmente manipulado", }, ], id: "CVE-2016-7075", lastModified: "2024-11-21T02:57:24.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-10T14:29:00.800", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2064", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", }, { source: 
"secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/issues/34517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:2064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/kubernetes/kubernetes/issues/34517", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 1.0 | |
redhat | openshift_origin | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*", matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:*:*:*:*:*:*:*:*", matchCriteriaId: "3F4086F4-8220-4036-B579-047F501BD5FD", versionEndIncluding: "1.0.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.", }, { lang: "es", value: "node-util/www/html/restorer.php en Red Hat OpenShift Origin anterior a v1.0.5-3 permite a atacantes remotos ejecutar comandos arbitrarios mediante un uuid falsificado en el PATH_INFO.", }, ], id: "CVE-2012-5646", lastModified: "2024-11-21T01:45:02.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-24T21:55:00.957", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/89431", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/57189", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518", }, { source: "secalert@redhat.com", url: 
"https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { source: "secalert@redhat.com", url: "https://github.com/openshift/origin-server/pull/1017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/89431", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/57189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/pull/1017", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 3.2 | |
redhat | openshift_origin | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_origin:-:*:*:*:*:*:*:*", matchCriteriaId: "01B75475-8415-46F8-A5B8-323527336611", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie.", }, { lang: "es", value: "HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie \"OPENSHIFT_[namespace]_SERVERID\".", }, ], id: "CVE-2016-3711", lastModified: "2024-11-21T02:50:33.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:06.737", references: [ { 
source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openshift/origin/pull/8334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openshift/origin/pull/8334", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6852655 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6852655 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_as_a_service | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "FB4AA531-9AC9-417B-B732-6FEBFEB0F363", versionEndExcluding: "21.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "8CD1565F-23A8-4EB0-A3C6-A528C8CA2444", versionEndExcluding: "21.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "E3912ED0-7480-4FCC-A645-700F2E0C3394", versionEndExcluding: "21.0.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.", }, { lang: "es", value: "IBM Robotic Process Automation 20.12 a 21.0.6 es vulnerable a la exposición del nombre y el correo electrónico del creador/modificador de objetos a nivel de plataforma. 
ID de IBM X-Force: 238678.", }, ], id: "CVE-2022-43573", lastModified: "2024-11-21T07:26:48.887", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-05T18:15:08.807", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6852655", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6980959 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6980959 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_pak_for_data | 4.5 | |
ibm | cloud_pak_for_data | 4.6 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.5:*:*:*:*:*:*:*", matchCriteriaId: "8DBAEB61-F9C1-40D9-9952-13DC12622ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.6:*:*:*:*:*:*:*", matchCriteriaId: "3F462804-1CB4-406E-A14A-FD6EF173A5D5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n", }, ], id: "CVE-2022-36769", lastModified: "2024-11-21T07:13:40.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-26T03:15:08.663", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6980959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6980959", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-2403 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2101959 | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-2403 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2101959 | Issue Tracking, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "06161168-9C83-4BA0-9451-7433AD38C43A", versionStartIncluding: "4.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.", }, { lang: "es", value: "Se ha encontrado un filtrado de credenciales en OpenShift Container Platform. La clave privada del certificado del clúster externo es almacenada de forma incorrecta en el ConfigMaps oauth-serving-cert, y era accesible para cualquier usuario o cuenta de servicio autenticada de OpenShift. 
Un usuario malicioso podría aprovechar este fallo al leer el ConfigMap de oauth-serving-cert en el espacio de nombres openshift-config-managed, comprometiendo cualquier tráfico web asegurado con ese certificado", }, ], id: "CVE-2022-2403", lastModified: "2024-11-21T07:00:55.253", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-01T21:15:09.497", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-2403", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2022-2403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-497", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | * | |
redhat | openshift_origin | 1.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*", matchCriteriaId: "7D4E1F6B-34CD-4926-88A3-E440846BF387", versionEndIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "7D94C104-7375-4D23-97F7-E9B861A70E1C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", }, { lang: "es", value: "La función \"lockwrap\" en port-proxy/bin/openshift-port-proxy-cfg en Red Hat OpenShift Origin anterior a v1.1 permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp.", }, ], id: "CVE-2013-0164", lastModified: "2024-11-21T01:46:58.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-24T22:55:01.300", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307", }, { source: "secalert@redhat.com", url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2", }, { source: "secalert@redhat.com", 
url: "https://github.com/openshift/origin-server/pull/1136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/pull/1136", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | * | |
zeroclipboard_project | zeroclipboard | * | |
zeroclipboard_project | zeroclipboard | 1.0.5 | |
zeroclipboard_project | zeroclipboard | 1.0.7 | |
zeroclipboard_project | zeroclipboard | 1.0.8 | |
zeroclipboard_project | zeroclipboard | 1.1.0 | |
zeroclipboard_project | zeroclipboard | 1.1.1 | |
zeroclipboard_project | zeroclipboard | 1.1.2 | |
zeroclipboard_project | zeroclipboard | 1.1.3 | |
zeroclipboard_project | zeroclipboard | 1.1.4 | |
zeroclipboard_project | zeroclipboard | 1.1.5 | |
zeroclipboard_project | zeroclipboard | 1.1.6 | |
zeroclipboard_project | zeroclipboard | 1.1.7 | |
zeroclipboard_project | zeroclipboard | 1.2.0 | |
zeroclipboard_project | zeroclipboard | 1.2.1 | |
zeroclipboard_project | zeroclipboard | 1.2.2 | |
zeroclipboard_project | zeroclipboard | 1.2.3 | |
zeroclipboard_project | zeroclipboard | 1.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*", matchCriteriaId: "7C95E20C-E8E5-4177-B6CC-C7AAB9874B3F", versionEndIncluding: "1.3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A25DABC8-9172-45BA-929A-09787D8C83B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3D277410-4FC8-4A41-AA03-264545655F26", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1186EF88-A330-4053-A373-8246126769D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9CDB3F9E-9B3C-4A59-A7F5-9009502953E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "08278232-6FB5-4C56-95E7-5EA381D838BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "32D2DCB7-7D13-4E62-B0B4-133196CE887B", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "C5EA9387-77FF-4764-9E3E-80132C6F93F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "DEA98F4C-7E6E-470F-B1AE-9FBA1FB3FE16", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "9C7307B1-1C05-4644-8CEC-4256E08D3513", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "A05848DC-A88C-4287-90A3-2ADE07A94D60", vulnerable: true, }, { 
criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "51F0A114-122D-4ECA-B70E-CF9D04E6B215", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E6B5C2BE-AC6A-4793-881C-5EDD290B3762", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "5DE8972F-6679-4735-83FD-2F4A0770C9AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "771CCAFF-D346-4276-BA20-6D5F2311356A", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FE7C02A2-2591-4DA0-8373-595379E77C06", vulnerable: true, }, { criteria: "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A68C7E5F-A832-41F4-B9D4-F9B09524ABD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).", }, { lang: "es", value: "Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. 
Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con ciertos parámetros de consulta SWF (también conocido como loaderInfo.parameters).", }, ], id: "CVE-2014-1869", lastModified: "2024-11-21T02:05:10.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-02-08T00:55:06.207", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/56821", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/65484", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085", }, { source: "cve@mitre.org", url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", }, { source: "cve@mitre.org", url: "https://github.com/zeroclipboard/zeroclipboard/pull/335", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", }, { source: "cve@mitre.org", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/56821", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/65484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/zeroclipboard/zeroclipboard/pull/335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1991687 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1991687 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773", versionEndExcluding: "2.12", versionStartIncluding: "2.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*", matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*", matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*", matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: 
"F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. For the attack to be performed successfully, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.", }, { lang: "es", value: "Una imagen JPEG diseñada puede conllevar que el lector de JPEG desborde su puntero de datos, permitiendo que los datos controlados por el usuario sean escritos en el heap. Para que sea realizado con éxito, el atacante necesita llevar a cabo un triaje sobre la disposición del heap y llevar a cabo una imagen con un formato y carga útil maliciosos. Esta vulnerabilidad puede conllevar a una corrupción de datos y la eventual ejecución de código o la omisión del arranque seguro. 
Este fallo afecta a grub2 versiones anteriores a grub-2.12", }, ], id: "CVE-2021-3697", lastModified: "2024-11-21T06:22:10.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-06T16:15:08.320", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2017-7517 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1470414 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2017-7517 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1470414 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance.", }, { lang: "es", value: "Se presenta una vulnerabilidad de comprobación de entrada en Openshift Enterprise debido a un mapeo 1:1 de inquilinos en Hawkular Metrics y proyectos/espacios de nombres en OpenShift. Si un usuario crea un proyecto llamado \"MyProject\", y más tarde lo elimina, otro usuario puede crear un proyecto llamado \"MyProject\" y acceder a las métricas almacenadas de la instancia original \"MyProject\"", }, ], id: "CVE-2017-7517", lastModified: "2024-11-21T03:32:03.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-17T16:15:14.710", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2017-7517", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor 
Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2017-7517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E", versionEndIncluding: "1.639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", }, { lang: "es", value: "El Plugins Manager en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 no verifica sumas de comprobación para archivos de plugin referenciados en datos del sitio de actualización, lo que facilita a atacantes man-in-the-middle ejecutar código arbitrario a través de un plugin manipulado.", }, ], id: "CVE-2015-7539", lastModified: "2024-11-21T02:36:56.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-03T18:59:03.900", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/103364 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1552987 | Issue Tracking, Mitigation | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103364 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1552987 | Issue Tracking, Mitigation |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "2D9724B7-D99B-4376-B1B5-5CE5F336D767", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.7 es vulnerable a un reemplazo del control de acceso para los sistemas de archivos de red de contenedor. Un atacante podría reemplazar UserId y GroupId en GlusterFS y NFS para leer y escribir cualquier dato en el sistema de archivos de red.", }, ], id: "CVE-2018-1069", lastModified: "2024-11-21T03:59:06.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-09T14:29:00.217", references: [ { source: "secalert@redhat.com", 
tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103364", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103364", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", matchCriteriaId: "A367C4FA-18DF-402F-B120-254B35F73BD1", versionEndExcluding: "18.09.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", matchCriteriaId: "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5", versionEndIncluding: "0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "949172CC-EBB5-47F6-B987-207C802EED0F", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", matchCriteriaId: "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", matchCriteriaId: "093326B1-448C-4E3B-886D-CAC8B6813BFF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", matchCriteriaId: "F672C421-789D-4F21-B483-DA3EB251BA1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*", matchCriteriaId: "48FAFDE5-1E73-4874-8F2E-3C74B1955096", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*", matchCriteriaId: "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E9955945-7509-4542-BF83-B7BA0B4D8D05", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*", matchCriteriaId: "3C2EB454-D0C9-47FC-B727-1D61A8811967", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "1AF77BB2-6F7A-408A-9F54-60F1F53B3709", versionEndExcluding: "3.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*", matchCriteriaId: "41FF9E5A-7BD1-477E-9875-8525FD87B13F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "CA0695E0-954A-4533-9D93-58257E9EA6D5", versionEndExcluding: "1.4.3", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "B51B8DF0-FCE4-42A7-A582-0476226C6188", versionEndExcluding: "1.5.3", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "01878119-E05A-469B-B49D-5D19082CED28", 
versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", matchCriteriaId: "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", vulnerable: true, }, { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "632B24FA-F2D6-42B0-87C7-7F142E15EFC7", versionEndExcluding: "2.2.0-1.13.3", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "0AD20FA7-737F-47C0-B2AC-735438253AA9", versionEndExcluding: "1.10.10", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "5E5AE03E-3AC4-4439-9D0D-45E097B2552C", versionEndExcluding: "1.11.9", versionStartIncluding: "1.10.11", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5", versionEndExcluding: "1.12.1", versionStartIncluding: "1.11.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: 
"D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*", matchCriteriaId: "2DCFB2E7-D769-4365-9B99-952907563749", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*", matchCriteriaId: "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*", matchCriteriaId: "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*", matchCriteriaId: "82C0FD9D-6117-40DE-9386-7327867F9615", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled 
image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.", }, { lang: "es", value: "runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe.", }, ], id: "CVE-2019-5736", lastModified: "2024-11-21T04:45:24.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-11T19:29:00.297", references: [ { source: 
"cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { source: 
"cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106976", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, 
{ source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/q3k/cve-2019-5736-poc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/rancher/runc-cve", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46359/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46369/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], 
url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/q3k/cve-2019-5736-poc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rancher/runc-cve", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46359/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46369/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2015-0238 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1184739 | Issue Tracking, VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2015-0238 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1184739 | Issue Tracking, VDB Entry, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.", }, { lang: "es", value: "selinux-policy tal y como está incluido en Red Hat OpenShift 2 permite que los atacantes obtengan información de la lista de procesos mediante un ataque de escalado de privilegios.", }, ], id: "CVE-2015-0238", lastModified: "2024-11-21T02:22:37.517", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-26T01:29:00.380", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2015-0238", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1184739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2015-0238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3889 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/security/cve/CVE-2017-1000376 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
cve@mitre.org | https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3889 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2017-1000376 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Mailing List, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_virtualization_server | - | |
redhat | openshift | 2.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
libffi_project | libffi | * | |
oracle | peopletools | 8.56 | |
oracle | peopletools | 8.57 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_virtualization_server:-:*:*:*:*:*:*:*", matchCriteriaId: "EFF9DC60-E34F-4C00-B8E2-E18DD34EACB9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*", matchCriteriaId: "3F474529-750F-4D6B-B2F5-3722B26C27EC", versionEndExcluding: "3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "80B456D2-0880-4A30-94A0-DA40634642FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "A6F1E1EF-B5D0-4984-A628-AB3A56DD67A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. 
libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.", }, { lang: "es", value: "libffi solicita una pila ejecutable que permite que los atacantes desencadenen con más facilidad la ejecución de código arbitrario sobrescribiendo la pila. Se debe tener en cuenta que libffi es empleado por otras bibliotecas. Antes se dijo que esto afecta a la versión 3.2.1 de libffi, pero parece ser incorrecto. libffi en versiones anteriores a la 3.1 en sistemas x86 de 32 bits era vulnerable y se cree que upstream ha solucionado este problema en la versión 3.1.", }, ], id: "CVE-2017-1000376", lastModified: "2024-11-21T03:04:35.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-19T16:29:00.577", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3889", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2017-1000376", }, { source: 
"cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3889", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2017-1000376", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7028227 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7028227 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation | 23.0.0 | |
ibm | robotic_process_automation | 23.0.1 | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "EC8BCB15-DD67-4718-9F68-ED2FA305AFEF", versionEndIncluding: "21.0.7.1", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E4566224-2998-4D20-9874-1572E283B06D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:23.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9D9A7903-4609-4E30-96DE-C18472700A8A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. 
IBM X-Force ID: 262481.\n\n", }, ], id: "CVE-2023-38734", lastModified: "2024-11-21T08:14:08.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T22:15:08.570", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028227", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.8:*:*:*:*:*:*:*", matchCriteriaId: "2AA943DD-23CD-48FD-A33B-9E4DC7AE9D80", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.9:*:*:*:*:*:*:*", matchCriteriaId: "28C5BBDA-B4F3-40A2-9F0A-75CF4C276769", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.10:*:*:*:*:*:*:*", matchCriteriaId: "6684D268-7B46-4672-8C9B-8719F2DC701F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.1:*:*:*:*:*:*:*", matchCriteriaId: "C19A2957-C915-4376-A4B5-87F4039BFD93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.", }, { lang: "es", value: "Se presenta una vulnerabilidad en el mecanismo garbage collection de atomic-openshift. Un atacante capaz de suplantar el UUID de un objeto válido de otro espacio de nombres es capaz de eliminar elementos secundarios de esos objetos. 
Versiones 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 y 4.1 están afectadas.", }, ], id: "CVE-2019-3884", lastModified: "2024-11-21T04:42:47.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, exploitabilityScore: 1, impactScore: 2.5, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-01T14:15:13.190", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", 
weaknesses: [ { description: [ { lang: "en", value: "CWE-290", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI.", }, ], id: "CVE-2014-3666", lastModified: "2024-11-21T02:08:36.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:08.050", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1038 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1038 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.1 utiliza permisos de lectura para todos en el archivo de configuración /etc/origin/master/master-config.yaml, lo que permite a usuarios locales obtener credenciales del Active Directory leyendo el archivo.", }, ], id: "CVE-2016-2142", lastModified: "2024-11-21T02:47:53.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:00.127", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1038", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1038", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/248924 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7009883 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/248924 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7009883 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_pak_for_data | 4.6.0 | |
ibm | watson_cp4d_data_stores | - | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_pak_for_data:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "91FB8BA8-11F7-42C3-9BBB-2980142B40FE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:watson_cp4d_data_stores:-:*:*:*:*:*:*:*", matchCriteriaId: "D13ADA7D-F9F2-4D8B-85D3-1AF6D6CD8221", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.", }, ], id: "CVE-2023-27540", lastModified: "2024-11-21T07:53:07.683", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-10T16:15:49.943", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/248924", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7009883", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7009883", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2013-2103 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2013-2103 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenShift cartridge allows remote URL retrieval", }, { lang: "es", value: "El cartucho de OpenShift permite la recuperación remota de la URL.", }, ], id: "CVE-2013-2103", lastModified: "2024-11-21T01:51:02.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-03T14:15:09.967", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-2103", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-2103", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos listar el contenido de directorio y leer archivos arbitrarios en los recursos de servlet Jenkins servlet a través de secuencias de salto de directorio en una petición de jnlpJars/.", }, ], id: "CVE-2015-5322", lastModified: "2024-11-21T02:32:47.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, 
exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:13.510", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199282 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6493729 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199282 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6493729 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_pak_for_security | 1.7.0.0 | |
ibm | cloud_pak_for_security | 1.7.1.0 | |
ibm | cloud_pak_for_security | 1.7.2.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.", }, { lang: "es", value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, podría permitir a un atacante llevar a cabo acciones no autorizadas debido a controles de autenticación inapropiados o ausentes. 
IBM X-Force ID: 199282", }, ], id: "CVE-2021-20578", lastModified: "2024-11-21T05:46:48.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-30T17:15:07.723", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/199282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6493729", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 no previene adecuadamente la descarga de plugins, lo que permite a usuarios remotos autenticados con el permiso Overall/READ obtener información sensible leyendo el código del plugin.", }, ], id: "CVE-2014-3667", lastModified: "2024-11-21T02:08:36.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:08.097", references: [ { source: "secalert@redhat.com", url: 
"https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-0175 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2014-0175 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-0175 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2014-0175 | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
puppet | marionette_collective | - | |
redhat | openshift | 1.0 | |
redhat | openshift | 2.1 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:puppet:marionette_collective:-:*:*:*:*:*:*:*", matchCriteriaId: "DD29A508-E9F1-4D6F-ACD6-795F20F8DE2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:-:enterprise:*:*:*:*:*", matchCriteriaId: "6D63189E-7BFC-438B-A583-1901BBC15CF2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "mcollective has a default password set at install", }, { lang: "es", value: "mcollective presenta una contraseña predeterminada establecida en la instalación.", }, ], id: "CVE-2014-0175", lastModified: "2024-11-21T02:01:33.783", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: 
"NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-13T13:15:10.820", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0175", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2014-0175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2014-0175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2014-0175", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "87068B16-A915-42BE-AFF0-9B23EF1FD2A7", versionEndIncluding: "1.580.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "BB5428DD-A289-4554-8874-2EEB47DD72E9", versionEndIncluding: "1.599", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados provocar una denegación de servicio (plug-in indebido e instalación de herramienta) a través del centro de datos actualizado manipulado.", }, ], id: "CVE-2015-1808", lastModified: "2024-11-21T02:26:11.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-16T20:59:07.637", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", 
}, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/241583 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6857807 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/241583 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6857807 | Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*", matchCriteriaId: "C4BF8AF2-0047-4E43-AEDF-0D4D54446876", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*", matchCriteriaId: "37215CD7-7390-4BCD-AA3A-E1B233875147", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*", matchCriteriaId: "B9B1A13B-7F98-44A6-9933-A0052E93D7F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*", matchCriteriaId: "9816F05C-8D57-48AD-9E64-907CDB24D612", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*", matchCriteriaId: "3C7B481C-86B1-44B0-AB68-48C1739B0DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*", matchCriteriaId: "ACA125F0-42C5-40E2-A63D-FDE0444A7D32", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*", matchCriteriaId: "984C0CFE-21D0-498B-B326-A3AB50C8602B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*", matchCriteriaId: "8B61BDF7-D688-49CC-9D96-A625BBF95E5B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. 
IBM X-Force ID: 241583.", }, ], id: "CVE-2022-43922", lastModified: "2024-11-21T07:27:21.977", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-01T18:15:10.453", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6857807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6857807", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1991685 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1991685 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773", versionEndExcluding: "2.12", versionStartIncluding: "2.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*", matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*", matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*", matchCriteriaId: 
"1CD81C46-328B-412D-AF4E-68A2AD2F1A73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. 
This flaw affects grub2 versions prior to grub-2.12.", }, { lang: "es", value: "Una imagen PNG en escala de grises de 16 bits diseñada puede conllevar a una escritura fuera de límites en el área de la pila. Un atacante puede aprovecharse de ello para causar corrupción de datos de la pila o, eventualmente, la ejecución de código arbitrario y omitir las protecciones de arranque seguro. Este problema presenta una alta complejidad para ser explotado, ya que un atacante necesita llevar a cabo algún tipo de triage sobre la disposición de la pila para conseguir resultados significativos, además los valores escritos en la memoria son repetidos tres veces seguidas dificultando la producción de cargas útiles válidas. Este fallo afecta a grub2 versiones anteriores a grub-2.12", }, ], id: "CVE-2021-3695", lastModified: "2024-11-21T06:22:10.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-06T16:15:08.210", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1991685", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://github.com/sparklemotion/nokogiri/issues/693 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sparklemotion/nokogiri/issues/693 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | Release Notes, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
nokogiri | nokogiri | * | |
redhat | cloudforms_management_engine | 5.0 | |
redhat | openshift | 2.0 | |
redhat | openstack | 4.0 | |
redhat | openstack | 6.0 | |
redhat | openstack_foreman | - | |
redhat | satellite | 6.0 | |
redhat | subscription_asset_manager | - | |
redhat | enterprise_mrg | 2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", matchCriteriaId: "CB203B5A-2979-4C08-8E90-EEA32EE5ACB0", versionEndExcluding: "1.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", matchCriteriaId: "7098B44F-56BF-42E3-8831-48D0A8E99EE2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", matchCriteriaId: "1802FDB8-C919-4D5E-A8AD-4C5B72525090", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", matchCriteriaId: "31EC146C-A6F6-4C0D-AF87-685286262DAA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*", matchCriteriaId: "C77E4AD2-8BB5-427E-90BA-CB43B3684179", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", matchCriteriaId: "848C92A9-0677-442B-8D52-A448F2019903", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "B0E2C740-099C-427F-846D-951A2A1BF07E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C60FA8B1-1802-4522-A088-22171DCF7A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Nokogiri before 1.5.4 is vulnerable to XXE attacks", }, { lang: "es", value: "Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE.", }, ], id: "CVE-2012-6685", lastModified: "2024-11-21T01:46:40.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", 
integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-19T15:15:11.723", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/sparklemotion/nokogiri/issues/693", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/sparklemotion/nokogiri/issues/693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-776", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 utiliza un salt de acceso público para generar tokens de protección CSRF, lo que hace que sea más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de un ataque de fuerza bruta.", }, ], id: "CVE-2015-5318", lastModified: "2024-11-21T02:32:47.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-25T20:59:09.103", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2015-1808.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-1808.html | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "A4287FC6-3313-49B1-9F2D-87309354F51D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.", }, { lang: "es", value: "Vulnerabilidad en rubygem-openshift-origin-console en Red Hat OpenShift 2.2, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de una petición manipulada solicitada al Broker.", }, ], id: "CVE-2015-5274", lastModified: "2024-11-21T02:32:41.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-09-18T14:59:01.333", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.11:*:*:*:*:*:*:*", matchCriteriaId: "275413B5-6C5D-4125-9396-0DAE614887E8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.", }, { lang: "es", value: "Se informó del ataque de cumpleaños contra la falla de cifrado de bloques de 64 bits (CVE-2016-2183) para el puerto de controles de estado (9979) en el componente etcd grpc-proxy. Aunque el CVE-2016-2183 se corrigió en los componentes de etcd, para permitir comprobaciones periódicas de estado de kubelet, fue necesario abrir un nuevo puerto (9979) en etcd grpc-proxy, por lo que este puerto podría considerarse todavía vulnerables al mismo tipo de vulnerabilidad. Las comprobaciones de estado en etcd grpc-proxy no contienen datos confidenciales (solo datos de métricas), por lo que el impacto potencial relacionado con esta vulnerabilidad es mínimo. 
Se asignó el CVE-2023-0296 a este problema para rastrear la solución permanente en el componente etcd.", }, ], id: "CVE-2023-0296", lastModified: "2024-11-21T07:36:55.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-17T21:15:15.273", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/207320 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6493729 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/207320 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6493729 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | cloud_pak_for_security | 1.7.0.0 | |
ibm | cloud_pak_for_security | 1.7.1.0 | |
ibm | cloud_pak_for_security | 1.7.2.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BE236FAA-CBC7-49D6-934B-55CA67F0AE95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F15C8979-996E-44AE-BDF9-98BA5F1B3C41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "96168F0A-20FD-4F59-A4AC-0430276583AD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.", }, { lang: "es", value: "IBM Cloud Pak for Security (CP4S) versiones 1.7.0.0, 1.7.1.0, 1.7.2.0 y 1.8.0.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. 
IBM X-Force ID: 207320", }, ], id: "CVE-2021-29894", lastModified: "2024-11-21T06:01:57.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-30T17:15:07.780", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/207320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6493729", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2027881 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2027881 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*", matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.", }, { lang: "es", value: "La versión de OpenShift 4.9.6, incluía cuatro correcciones de CVE para el paquete haproxy, sin embargo faltaba el parche para CVE-2021-39242. Este problema solo afecta a Red Hat OpenShift versión 4.9", }, ], id: "CVE-2021-4047", lastModified: "2024-11-21T06:36:47.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-11T20:15:16.437", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue 
Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | * | |
redhat | openshift | 2.0 | |
redhat | openshift | 2.0.1 | |
redhat | openshift | 2.0.2 | |
redhat | openshift | 2.0.3 | |
redhat | openshift | 2.0.4 | |
redhat | openshift | 2.0.5 | |
redhat | openshift | 2.0.6 | |
redhat | openshift | 2.1 | |
redhat | openshift | 2.1.1 | |
redhat | openshift | 2.1.2 | |
redhat | openshift | 2.1.3 | |
redhat | openshift | 2.1.4 | |
redhat | openshift | 2.1.5 | |
redhat | openshift | 2.1.6 | |
redhat | openshift | 2.1.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B6B266CF-DDC0-421D-A36D-F123241E69B3", versionEndIncluding: "2.1.8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*", matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*", matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*", matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*", matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*", matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C6C0F050-48C7-4AFB-9DB3-A60C7E3501C0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "459F1262-B8B0-475E-A7F2-0913FEE6F715", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "732EE887-EB12-492F-A4E4-3F441BB92C8A", vulnerable: true, }, { 
criteria: "cpe:2.3:a:redhat:openshift:2.1.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "34ACA7BA-8DB2-4645-9FF1-DB88195FFD2C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "A87A0BC7-F7D0-4090-992A-C26942FD82DE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "81360600-BF69-4078-A6E6-EE6606391924", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.", }, { lang: "es", value: "Red Hat OpenShift Enterprise anterior a 2.2 no restringe debidamente el acceso a gears, lo que permite a atacantes remotos acceder a los recursos de red de gears arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2014-3674", lastModified: "2024-11-21T02:08:37.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-13T21:32:03.560", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/95956 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory | |
secalert@redhat.com | https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95956 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jenkins.io/security/advisory/2017-02-01/ | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "F1F48E96-6C2B-4773-98A4-BFF626A0811F", versionEndExcluding: "2.32.2", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "D4595374-F7F2-43D5-BB78-37E8377B1E45", versionEndExcluding: "2.44", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.", }, { lang: "es", value: "Jenkins en versiones anteriores a la 2.44, 2.32.2 es vulnerable a una comprobación de permisos insuficiente para procesos periódicos (SECURITY-389). 
Las URL /workspaceCleanup y /fingerprintCleanup no realizaban comprobaciones de permisos, lo que permitía a los usuarios con acceso de lectura a Jenkins desencadenar estos procesos en segundo plano (que de otro modo se ejecutan a diario), lo que podría causar una carga adicional en el maestro y los agentes de Jenkins.", }, ], id: "CVE-2017-2611", lastModified: "2024-11-21T03:23:49.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-08T18:29:00.310", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95956", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://jenkins.io/security/advisory/2017-02-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95956", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://jenkins.io/security/advisory/2017-02-01/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-358", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 2.0 y 2.1 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en un nombre de directorio al que hace referencia un cartucho (cartridge) mediante el esquema de URI file:.", }, ], id: "CVE-2014-0233", lastModified: "2024-11-21T02:01:43.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-16T11:59:01.603", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:1.642.1:*:*:*:lts:*:*:*", matchCriteriaId: "8B87EA57-C12B-4329-B969-2867803D0BA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens CSRF, lo que hace más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de una aproximación por fuerza bruta.", }, ], id: "CVE-2016-0791", lastModified: "2024-11-21T02:42:23.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: 
"CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:02.863", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:1.596.1:*:*:*:lts:*:*:*", matchCriteriaId: "1A0564DB-E5C6-459E-B9A0-557A81F92BC0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D", versionEndIncluding: "1.605", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.", }, { lang: "es", value: "El servicio de emisión de token de API en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos obtener privilegios a través de un \"cambio forzado de token de API\" involucrando a usuarios anónimos.", }, ], id: "CVE-2015-1814", lastModified: "2024-11-21T02:26:12.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-16T20:59:11.747", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: 
"secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/207828 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6505283 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/207828 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6505283 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | security_risk_manager_on_cp4s | 1.7.0.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_risk_manager_on_cp4s:1.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4EDEBA6A-AD58-4068-A879-DCDE46DDE0A2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.", }, { lang: "es", value: "IBM Security Risk Manager on CP4S versión 1.7.0.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. 
IBM X-Force ID: 207828", }, ], id: "CVE-2021-29912", lastModified: "2024-11-21T06:01:58.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-19T16:15:07.683", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6505283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/207828", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6505283", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", }, { lang: "es", value: "Vulnerabilidad de XSS en la página de vista general de esclavos en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través del mensaje de estado del esclavo fuera de línea.", }, ], id: "CVE-2015-5326", lastModified: "2024-11-21T02:32:48.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, 
exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-25T20:59:18.217", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "4203742F-66F7-4877-ABF8-EB304E114191", versionEndIncluding: "1.642.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "18F2C087-76F7-40F2-83DA-4C643363629C", versionEndIncluding: "1.649", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de inyección CRLF en la documentación de comando de la CLI en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados.", }, ], id: "CVE-2016-0789", lastModified: "2024-11-21T02:42:23.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T23:59:01.050", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244074 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7006001 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244074 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7006001 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation | * | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BAAF00-D394-4243-807A-A6D41125EC4B", versionEndIncluding: "21.0.7.3", versionStartIncluding: "21.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000", versionEndIncluding: "23.0.3", versionStartIncluding: "23.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.\n\n", }, ], id: "CVE-2023-22593", lastModified: "2024-11-21T07:45:01.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2023-06-27T19:15:09.187", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7006001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7006001", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2013-0196 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2013-0196 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196 | Exploit, Issue Tracking, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 1.2 | |
redhat | enterprise_linux | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "DC920653-E8B1-4D46-B8C4-DC847DD1DDB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.", }, { lang: "es", value: "Se encontró un problema de tipo CSRF en OpenShift Enterprise versión 1.2. La consola web está utilizando \"Basic authentication\" y la API REST no posee un mecanismo de protección contra ataques de tipo CSRF. 
Esto puede permitir a un atacante obtener la credencial y el encabezado Authorization: cuando se solicita la API REST por medio del navegador web.", }, ], id: "CVE-2013-0196", lastModified: "2024-11-21T01:47:02.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-30T22:15:11.213", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-0196", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-0196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: 
"en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vendor | Product | Version | |
---|---|---|---|
redhat | ceph_storage | 4.0 | |
redhat | openshift | 4.2 | |
redhat | openstack | 15 | |
linuxfoundation | ceph | * | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*", matchCriteriaId: "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*", matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*", matchCriteriaId: "70108B60-8817-40B4-8412-796A592E4E5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", matchCriteriaId: "26BB96DD-5842-4227-8B10-984C536A5FFB", versionEndExcluding: "14.2.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.", }, { lang: "es", value: "Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat Openshift Container Storage versión 4.2 donde, se detectó una vulnerabilidad de reutilización de nonce en el modo seguro del protocolo de messenger v2, que puede permitir a un atacante falsificar etiquetas de autenticación y potencialmente manipular los datos al aprovechar la reutilización de un nonce en una sesión. 
Los mensajes cifrados usando un valor nonce reutilizado, son susceptibles de serios ataques de confidencialidad e integridad.", }, ], id: "CVE-2020-1759", lastModified: "2024-11-21T05:11:19.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-13T13:15:13.480", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", }, { source: "secalert@redhat.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-39", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-323", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
rubygems | rubygems | * | |
rubygems | rubygems | 1.8.0 | |
rubygems | rubygems | 1.8.1 | |
rubygems | rubygems | 1.8.2 | |
rubygems | rubygems | 1.8.3 | |
rubygems | rubygems | 1.8.4 | |
rubygems | rubygems | 1.8.5 | |
rubygems | rubygems | 1.8.6 | |
rubygems | rubygems | 1.8.7 | |
rubygems | rubygems | 1.8.8 | |
rubygems | rubygems | 1.8.9 | |
rubygems | rubygems | 1.8.10 | |
rubygems | rubygems | 1.8.11 | |
rubygems | rubygems | 1.8.12 | |
rubygems | rubygems | 1.8.13 | |
rubygems | rubygems | 1.8.14 | |
rubygems | rubygems | 1.8.15 | |
rubygems | rubygems | 1.8.16 | |
rubygems | rubygems | 1.8.17 | |
rubygems | rubygems | 1.8.18 | |
rubygems | rubygems | 1.8.19 | |
rubygems | rubygems | 1.8.20 | |
rubygems | rubygems | 1.8.21 | |
redhat | openshift | 1.2.2 | |
canonical | ubuntu_linux | 12.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", matchCriteriaId: "129BE399-B405-4DF1-987B-6DA24172FC19", versionEndIncluding: "1.8.22", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", matchCriteriaId: 
"CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.2.2:-:enterprise:*:*:*:*:*", matchCriteriaId: "A7868189-C831-4E7D-9718-B2EFF16FCA3D", vulnerable: false, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.", }, { 
lang: "es", value: "RubyGems anteriores a 1.8.23 pueden redirigir conexiones HTTPS a HTTP, lo cual facilita a atacantes remotos observar o modificar una gema durante la instalación a través de un ataque man-in-the-middle.", }, ], id: "CVE-2012-2125", lastModified: "2024-11-21T01:38:32.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-01T17:55:03.257", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/55381", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { source: "secalert@redhat.com", url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/55381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF", versionEndExcluding: "4.3", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se encontró una vulnerabilidad en todas las versiones de openshift/postgresql-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/postgresql-apb. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.", }, ], id: "CVE-2020-1707", lastModified: "2024-11-21T05:11:12.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: 
"3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-20T15:15:13.607", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión.", }, ], id: "CVE-2014-3662", lastModified: "2024-11-21T02:08:36.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:07.970", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1991686 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1991686 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-12 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220930-0001/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", matchCriteriaId: "B798FFCB-4972-436F-ADB4-8DA325089773", versionEndExcluding: "2.12", versionStartIncluding: "2.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", matchCriteriaId: "60937D60-6B78-400F-8D30-7FCF328659A1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62C4B3B6-7452-49AF-8981-737FE929FF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*", matchCriteriaId: "EF30E57A-97EA-4A44-8404-6AE4F058B44D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.4:*:*:*:*:*:*:*", matchCriteriaId: "5DAD1E4A-B22F-432C-97C8-D91D286535F1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*", matchCriteriaId: "35EEDB95-DCD1-4FED-9BBB-877B2062410C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "983533DD-3970-4A37-9A9C-582BD48AA1E5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "729C515E-1DD3-466D-A50B-AFE058FFC94A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "868A6ED7-44DD-44FF-8ADD-9971298A1175", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", matchCriteriaId: "22D095ED-9247-4133-A133-73B7668565E4", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", matchCriteriaId: "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", matchCriteriaId: "492DF629-16B8-4882-822D-A6897B03DD30", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*", matchCriteriaId: "81609549-25CE-4C8A-9DE3-170D23704208", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*", matchCriteriaId: "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*", matchCriteriaId: "1CD81C46-328B-412D-AF4E-68A2AD2F1A73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: 
"F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.", }, { lang: "es", value: "Puede producirse una escritura fuera de límites de la pila durante el manejo de las tablas Huffman en el lector PNG. Esto puede conllevar a una corrupción de datos en el espacio de la pila. 
El impacto en la confidencialidad, integridad y disponibilidad puede considerarse bajo ya que es muy complejo que un atacante controle la codificación y el posicionamiento de las entradas Huffman corruptas para conseguir resultados como la ejecución de código arbitrario y/o la omisión del arranque seguro. Este fallo afecta a grub2 versiones anteriores a grub-2.12", }, ], id: "CVE-2021-3696", lastModified: "2024-11-21T06:22:10.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-06T16:15:08.270", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1991686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.", }, { lang: "es", value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el openshift/ocp-release-operator-sdk. Un atacante con acceso al contenedor podría usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. Este CVE es específico para el openshift/ansible-operator-container como es incluido en Openshift versión 4.", }, ], id: "CVE-2019-19355", lastModified: "2024-11-21T04:34:38.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: 
"secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-18T17:15:11.837", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 2.0 | |
apache | activemq | 5.0.0 | |
apache | activemq | 5.1.0 | |
apache | activemq | 5.2.0 | |
apache | activemq | 5.3.0 | |
apache | activemq | 5.3.1 | |
apache | activemq | 5.3.2 | |
apache | activemq | 5.4.0 | |
apache | activemq | 5.4.1 | |
apache | activemq | 5.4.3 | |
apache | activemq | 5.5.0 | |
apache | activemq | 5.5.1 | |
apache | activemq | 5.6.0 | |
apache | activemq | 5.7.0 | |
apache | activemq | 5.8.0 | |
apache | activemq | 5.9.0 | |
apache | activemq | 5.9.1 | |
apache | activemq | 5.10.0 | |
apache | activemq | 5.10.1 | |
apache | activemq | 5.10.2 | |
apache | activemq | 5.11.0 | |
apache | activemq | 5.11.1 | |
apache | activemq | 5.11.2 | |
apache | activemq | 5.12.0 | |
apache | activemq | 5.12.1 | |
fedoraproject | fedora | 22 | |
fedoraproject | fedora | 23 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "436F59B9-507A-4B4E-A9F3-022616866151", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "05D6EC30-88DC-4424-BF86-D9C0DA5E191C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "82ACD6BA-257F-49D0-8944-0991FB038533", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C43FD7A1-FC03-47BC-B6C6-02C0F1466762", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", matchCriteriaId: "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", matchCriteriaId: "47B31CD9-A3BB-427C-A631-2E8168DD1985", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", matchCriteriaId: "6B904806-6796-4947-BDF4-EEA5681147E8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*", matchCriteriaId: "6075BF1D-AC7C-46E3-A730-4E9A98856520", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", matchCriteriaId: "623530FC-12E9-480B-AFA0-C19FCFFA5D36", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", matchCriteriaId: "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", matchCriteriaId: "11AADFBF-AC60-4535-892C-BE90BE858172", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", matchCriteriaId: 
"AC5143E8-B392-4954-9C0D-DD39388B669F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4C0A644-8667-4ABD-8BB3-46289DCD3A93", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*", matchCriteriaId: "607B6541-973A-4FF5-8106-A30076CA353C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*", matchCriteriaId: "08310F87-4C45-436F-A707-A22A4ACB1587", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*", matchCriteriaId: "4243B47C-26B9-45BE-B66A-F1534D18A265", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*", matchCriteriaId: "26258CBF-39D0-45FD-AC6B-3D9840CB88EE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*", matchCriteriaId: "532FC7B8-31FD-459C-B757-4D17D4E6ED63", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*", matchCriteriaId: "36710BEE-E9B8-4979-BB75-6CEF7836268B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*", matchCriteriaId: "F15DF0DF-FDBD-4196-88DE-023CF90AA0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*", matchCriteriaId: "0E1A027B-EDBB-4305-BCE2-5DA862F9A3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1DA90EA1-64F2-44DD-86A8-E35191C79446", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*", matchCriteriaId: "8E7D827D-8180-4605-98CB-03436F916B27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], 
cveTags: [], descriptions: [ { lang: "en", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, { lang: "es", value: "Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado.", }, ], id: "CVE-2015-5254", lastModified: "2024-11-21T02:32:39.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-08T19:59:00.113", references: [ { source: "secalert@redhat.com", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { source: "secalert@redhat.com", url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2016/dsa-3524", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "E99FF97F-2A6C-4589-996B-FACCAFAE56E3", versionEndExcluding: "3.11.188-4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "9F64F6AE-D8DF-490B-991F-F90D705945F5", versionEndExcluding: "4.1.37", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A6C41B-575B-486E-AC21-429F507E1447", versionEndExcluding: "4.2.21", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "15747A3D-8D4B-42B6-A210-C9E533067A7B", versionEndExcluding: "4.3.5", versionStartIncluding: "4.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/apb-base, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. 
Un atacante con acceso al contenedor podría utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios.", }, ], id: "CVE-2019-19348", lastModified: "2024-11-21T04:34:37.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-02T20:15:15.393", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", }, ], 
sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/207630 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6497177 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/207630 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6497177 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | app_connect_enterprise_certified_container | 1.0.0 | |
ibm | app_connect_enterprise_certified_container | 1.1.0 | |
ibm | app_connect_enterprise_certified_container | 1.2.0 | |
ibm | app_connect_enterprise_certified_container | 1.3.0 | |
ibm | app_connect_enterprise_certified_container | 1.4.0 | |
ibm | app_connect_enterprise_certified_container | 1.5.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E84CF402-8B95-4C23-8190-3B5CB41179CE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC731321-B677-48A2-A53F-13E5180DE3AC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8127ABE3-72FD-463D-831A-B99E101A2DF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8CC7E88E-07E8-4992-9902-F8403CB67C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3FD80D64-2837-4158-A036-C3333ECA0D13", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C23DD1C6-6BEE-4ABE-ADC0-66B1F467B96C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.", }, { lang: "es", value: "IBM App Connect Enterprise Certified Container versiones 1.0, 1.1, 1.2, 1.3, 1.4 y 1.5, podría divulgar información confidencial a un usuario local cuando es configurado para usar una clave API de IBM Cloud para conectarse a conectores basados en la nube. 
IBM X-Force ID: 207630", }, ], id: "CVE-2021-29906", lastModified: "2024-11-21T06:01:58.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-08T18:15:07.537", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630", }, { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6497177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/207630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6497177", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.", }, { lang: "es", value: "Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados relacionados con URLs \"scheme-relative\".", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/601.html\">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>", id: "CVE-2016-3726", lastModified: "2024-11-21T02:50:35.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: 
"AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:10.687", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2018:0489 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2018:0489 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137 | Issue Tracking, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | - | |
redhat | openshift_container_platform | 3.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", matchCriteriaId: "309CB6F8-F178-454C-BE97-787F78647C28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.", }, { lang: "es", value: "La lista blanca de importación de imágenes de OpenShift falló a la hora de aplicar restricciones correctamente al ejecutar comandos como, por ejemplo, \"oc tag\". Esto podría permitir que un usuario con acceso a OpenShift ejecute imágenes de registros en los que no debería estarle permitido.", }, ], id: "CVE-2017-15137", lastModified: "2024-11-21T03:14:08.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, 
source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-16T20:29:00.223", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:0489", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHBA-2018:0489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1094 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1094 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.2 no restringe correctamente el acceso a builds STI, lo que permite a usuarios remotos autenticados acceder al socket Docker y obtener privilegios a través de vectores relacionado con build-pod.", }, ], id: "CVE-2016-3738", lastModified: "2024-11-21T02:50:36.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:07.657", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"", }, { lang: "es", value: "Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a usuarios remotos autenticados con múltiples cuentas provocar una denegación de servicio (sin posibilidad de acceso) editando el \"full name\".", }, ], id: "CVE-2016-3722", lastModified: "2024-11-21T02:50:34.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:07.047", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1914714 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1914714 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "AC917AC2-DD18-4DD6-80B4-4A1BE1A62D10", versionEndExcluding: "4.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.7.0:-:*:*:*:*:*:*", matchCriteriaId: "5D5A79FB-491F-4030-8F6F-C3691F9D7D58", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.", }, { lang: "es", value: "Se ha detectado un fallo de modificación no segura en el archivo /etc/kubernetes/kubeconfig en OpenShift. Este fallo permite a un atacante con acceso a un contenedor en ejecución que monta el archivo /etc/kubernetes o que tiene acceso local al nodo, copiar este archivo kubeconfig e intentar añadir su propio nodo al clúster de OpenShift. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad, así como la disponibilidad del sistema. 
Este fallo afecta a versiones anteriores a openshift4/ose-machine-config-operator v4.7.0-202105111858.p0", }, ], id: "CVE-2020-35514", lastModified: "2024-11-21T05:27:28.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-02T14:15:09.577", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6855837 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6855837 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_as_a_service | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
microsoft | windows | - | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "DD41B712-3818-4AFA-8A03-64E8B51809F0", versionEndExcluding: "21.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_as_a_service:*:*:*:*:*:*:*:*", matchCriteriaId: "D9758FDC-C224-4EB3-8D42-409F4CBE6442", versionEndExcluding: "21.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "034C5D78-A9CB-4A27-A2BF-1E7A1EB1318A", versionEndExcluding: "21.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.", }, { lang: "es", value: "IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utilizando técnicas de intermediario. 
ID de IBM X-Force: 244109.", }, ], id: "CVE-2023-22863", lastModified: "2024-11-21T07:45:32.963", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-18T19:15:12.803", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855837", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1767665 | Issue Tracking, Patch, Vendor Advisory | |
secalert@redhat.com | https://github.com/openshift/origin-web-console/pull/3173 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1767665 | Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openshift/origin-web-console/pull/3173 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "8C1B0314-F05F-48C8-ABFD-C38D1EB3A3EE", versionEndIncluding: "4.3.5", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.", }, { lang: "es", value: "Se encontró una vulnerabilidad de suplantación de contenido en openshift/console versiones 3.11 y 4.x. Este fallo permite a un atacante crear una URL e inyectar texto arbitrario en la página de error que parece ser de la instancia de OpenShift. 
Este ataque podría potencialmente convencer a un usuario de que el texto insertado es legítimo", }, ], id: "CVE-2020-10715", lastModified: "2024-11-21T04:55:54.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-16T18:15:12.467", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openshift/origin-web-console/pull/3173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openshift/origin-web-console/pull/3173", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: 
"secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1029652 | Exploit, Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1029652 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39 | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.", }, { lang: "es", value: "En un nodo de openshift, se presenta un trabajo cron para actualizar los hechos de mcollective que maneja inapropiadamente un archivo temporal. Esto puede conllevar a una pérdida de confidencialidad e integridad", }, ], id: "CVE-2013-4561", lastModified: "2024-11-21T01:55:50.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-30T19:15:08.100", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third 
Party Advisory", ], url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-377", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262289 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7028221 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262289 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7028221 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "8A47F4B7-E1BE-4D42-95CE-C84D49FCF1E4", versionEndIncluding: "21.0.7", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "E11C26C3-7EAB-489D-980A-642997A202D9", versionEndIncluding: "21.0.7", versionStartIncluding: "21.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.\n\n", }, { lang: "es", value: "El servidor IBM Robotic Process Automation v21.0.0 a v21.0.7 podría permitir a un usuario autenticado ver información confidencial de los registros de la aplicación. IBM X-Force ID: 262289. 
", }, ], id: "CVE-2023-38732", lastModified: "2024-11-21T08:14:08.157", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:39.373", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028221", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028221", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/237402 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6890729 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/237402 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6890729 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | watson_knowledge_catalog_on_cloud_pak_for_data | 4.5.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:watson_knowledge_catalog_on_cloud_pak_for_data:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "92273847-6C8D-4C54-8016-37912089E537", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.", }, ], id: "CVE-2022-41731", lastModified: "2024-11-21T07:23:45.080", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-12T04:15:15.633", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402", }, { source: "psirt@us.ibm.com", tags: [ 
"Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6890729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6890729", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "psirt@us.ibm.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_hpc_node | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
oracle | linux | 6 | |
oracle | linux | 7 | |
redhat | openshift | 3.1 | |
redhat | openshift | 3.2 | |
libarchive | libarchive | * | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_hpc_node | 7.0 | |
redhat | enterprise_linux_hpc_node_eus | 7.2 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.2 | |
redhat | enterprise_linux_server_eus | 7.2 | |
redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*", matchCriteriaId: "6A6EFED3-4FD3-413D-85C2-73F746F346E8", versionEndIncluding: "3.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "39A901D6-0874-46A4-92A8-5F72C7A89E85", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "1C8D871B-AEA1-4407-AEE3-47EC782250FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", matchCriteriaId: "44B067C7-735E-43C9-9188-7E1522A02491", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", }, { lang: "es", value: "El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado.", }, ], id: "CVE-2016-5418", lastModified: "2024-11-21T02:54:16.420", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-21T14:25:13.457", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Technical Description", ], url: "http://www.openwall.com/lists/oss-security/2016/08/09/2", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/93165", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1852", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1853", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Technical Description", ], url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/libarchive/libarchive/issues/746", }, { source: 
"secalert@redhat.com", url: "https://security.gentoo.org/glsa/201701-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", ], url: "http://www.openwall.com/lists/oss-security/2016/08/09/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/93165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1852", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", ], url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/libarchive/libarchive/issues/746", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201701-03", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-19", }, { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | Exploit, Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1793283 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1793283 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en openshift/ansible-service-broker como es enviado en Red Hat Openshift versiones 4 y 3.11. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios", }, ], id: "CVE-2019-19350", lastModified: "2024-11-21T04:34:37.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, 
impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-24T16:15:14.947", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | data_grid | 6.0.0 | |
redhat | jboss_a-mq | 6.0.0 | |
redhat | jboss_bpm_suite | 6.0.0 | |
redhat | jboss_data_virtualization | 5.0.0 | |
redhat | jboss_data_virtualization | 6.0.0 | |
redhat | jboss_enterprise_application_platform | 4.3.0 | |
redhat | jboss_enterprise_application_platform | 5.0.0 | |
redhat | jboss_enterprise_application_platform | 6.0.0 | |
redhat | jboss_enterprise_brms_platform | 5.0.0 | |
redhat | jboss_enterprise_brms_platform | 6.0.0 | |
redhat | jboss_enterprise_soa_platform | 5.0.0 | |
redhat | jboss_enterprise_web_server | 3.0.0 | |
redhat | jboss_fuse | 6.0.0 | |
redhat | jboss_fuse_service_works | 6.0 | |
redhat | jboss_operations_network | 3.0 | |
redhat | jboss_portal | 6.0.0 | |
redhat | openshift | 3.0 | |
redhat | subscription_asset_manager | 1.3.0 | |
redhat | xpaas | 3.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:data_grid:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D90858CA-996D-4A07-A57A-5E228BBED442", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "33C4404A-CFB7-4B47-9487-F998825C31CA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7750C45E-4D02-45D5-A3AA-CF024C20AC8D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3257F51A-C847-4251-8B1B-D8DEF11677A3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9CDC2527-97FE-409D-8DD6-78E085CC73C2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FA0930C5-C483-414C-879D-029FDE8251C6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFB8FED0-E0C6-409C-A2D8-B3999265D545", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8E2F2F98-DB90-43F6-8F28-3656207B6188", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", 
matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*", matchCriteriaId: "3B78438D-1321-4BF4-AEB1-DAF60D589530", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C077D692-150C-4AE9-8C0B-7A3EA5EB1100", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E5C01A82-F078-4D08-93D0-6318272D3D8F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "45690263-84D9-45A1-8C30-3ED2F0F11F47", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:xpaas:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F58B1F3C-C27D-4387-9164-C3E2E0960A2A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.", }, { lang: "es", value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 
permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto está relacionado con la librería ACC (Apache Commons Collections).", }, ], id: "CVE-2015-7501", lastModified: "2024-11-21T02:36:53.193", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-09T17:29:00.203", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html", }, { source: "secalert@redhat.com", url: 
"http://rhn.redhat.com/errata/RHSA-2015-2522.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78215", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034097", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037052", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037053", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037640", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/2059393", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/solutions/2045023", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party 
Advisory", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330", }, { source: "secalert@redhat.com", url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html", }, { source: "secalert@redhat.com", url: "https://security.netapp.com/advisory/ntap-20240216-0010/", }, { source: "secalert@redhat.com", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/2059393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/solutions/2045023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240216-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], 
sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1094 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1094 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.", }, { lang: "es", value: "Red Hat OpenShift Enterprise 3.2, cuando multi-tenant SDN está habilitado y un build está ejecutado en un espacio de nombres que normalmente estaría aislado de pods en otros espacios de nombres, permite a usuarios remotos autenticados acceder a recursos de red en pods restringidos a través de un build s2i con una imagen builder que (1) contiene comandos ONBUILD o (2) no contiene un binario tar.", }, ], id: "CVE-2016-3708", lastModified: "2024-11-21T02:50:32.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-08T17:59:05.750", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7028223 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7028223 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation | * | |
redhat | openshift | - | |
microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "DDF503DD-23DC-4B22-8873-BE94BF0F1CD1", versionEndIncluding: "21.0.7.3", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000", versionEndIncluding: "23.0.3", versionStartIncluding: "23.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. 
IBM X-Force Id: 262293.\n\n", }, ], id: "CVE-2023-38733", lastModified: "2024-11-21T08:14:08.300", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T22:15:08.460", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7028223", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "psirt@us.ibm.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9BE55AD5-7BF6-4B5A-9BDA-3148E0CFC7A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en la consola de gestión (openshift-console/app/controllers/application_controller.rb) en OpenShift v0.0.5 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2012-5622", lastModified: "2024-11-21T01:44:59.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-12-18T01:55:07.680", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/88333", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e", }, { source: "secalert@redhat.com", 
url: "https://github.com/openshift/origin-server/pull/1009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/88333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/pull/1009", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
pypa | pip | * | |
virtualenv | virtualenv | 12.0.7 | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 | |
redhat | openshift | 1.0 | |
redhat | openshift | 2.0 | |
redhat | software_collections | - | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*", matchCriteriaId: "04BF789D-45CA-4644-9B6A-E4FC6EFCA781", versionEndExcluding: "1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:virtualenv:virtualenv:12.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4FEC46E5-9B27-46E8-B178-11F2A9B2DF92", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.", }, { lang: "es", value: 
"El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle.", }, ], id: "CVE-2013-5123", lastModified: "2024-11-21T01:57:03.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-05T22:15:10.813", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/17", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/18", }, { source: 
"cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77520", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-5123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-5123", }, ], sourceIdentifier: "cve@mitre.org", 
vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
phusion | passenger | * | |
phusion | passenger | 3.0.0 | |
phusion | passenger | 3.0.1 | |
phusion | passenger | 3.0.2 | |
phusion | passenger | 3.0.3 | |
phusion | passenger | 3.0.4 | |
phusion | passenger | 3.0.5 | |
phusion | passenger | 3.0.6 | |
phusion | passenger | 3.0.7 | |
phusion | passenger | 3.0.8 | |
phusion | passenger | 3.0.9 | |
phusion | passenger | 3.0.10 | |
phusion | passenger | 3.0.11 | |
phusion | passenger | 3.0.12 | |
phusion | passenger | 3.0.13 | |
phusion | passenger | 3.0.14 | |
phusion | passenger | 3.0.15 | |
phusion | passenger | 3.0.17 | |
phusion | passenger | 3.0.18 | |
phusion | passenger | 3.0.19 | |
phusion | passenger | 4.0.1 | |
phusion | passenger | 4.0.2 | |
phusion | passenger | 4.0.3 | |
phusion | passenger | 4.0.4 | |
ruby-lang | ruby | * | |
redhat | openshift | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*", matchCriteriaId: "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C", versionEndIncluding: "3.0.20", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD8C8495-4011-4B96-BB78-430B1F508548", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6CD685C8-82D3-497A-84E9-238D19F15FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "40AD3808-45E1-4889-98AF-4267B9DB17A6", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "36FCE653-AFE2-4291-872E-9CA8772F0CAD", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "5EF4B9EF-23CC-46E3-8700-36633924B9CF", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "522C4CC8-9B97-4E1D-B82B-073D14444909", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E9FEA652-5FFF-443F-983B-4FC5A4478F9E", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "3907694B-8E1A-4C5B-ABF0-90F023845557", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "D2AA53B5-4F58-4D38-80D7-42771F2C295C", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: 
"4472ABCB-B464-4640-A892-73B4C8CB609F", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*", matchCriteriaId: "49FEE58A-FFDD-4E00-94F7-947D32CC1350", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*", matchCriteriaId: "09AFC97E-37EF-4D68-B947-C8FB43A11245", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*", matchCriteriaId: "E2267254-554B-4AF2-A72B-0E346E4657C3", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5C406BAD-DCF8-4C46-9731-A81EBF387F68", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E3C18671-5FB1-4C97-9FDD-6D495A748DF9", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "ECFAD875-6DB0-4D40-9A11-E02DA954B197", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A1CC46D4-E33E-467C-B5C7-8F371D906A46", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2595C046-B304-42F3-8194-C259EFDBCA76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*", matchCriteriaId: "E038BCDC-E14F-4D37-981C-BB80853C148C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Phusion 
Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.", }, { lang: "es", value: "Las versiones anteriores a 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permiten a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero \"config\" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema.", }, ], id: "CVE-2013-2119", lastModified: "2024-11-21T01:51:04.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-03T18:54:11.350", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url:
"http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "99D411C8-56FB-4F1A-9822-C9D3153B365A", versionEndIncluding: "1.596.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "26836BE3-EB42-4460-81A7-5249801BA67D", versionEndIncluding: "1.605", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.", }, { lang: "es", value: "Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.606 y LTS en versiones anteriores a 1.596.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1812.", }, ], id: "CVE-2015-1813", lastModified: "2024-11-21T02:26:11.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-10-16T20:59:10.873", references: [ { source: "secalert@redhat.com", 
url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1064100 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1064100 | Issue Tracking, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift-origin-node-util | - | |
redhat | openshift | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift-origin-node-util:-:*:*:*:*:*:*:*", matchCriteriaId: "39102EAF-760D-4068-BB9B-67D0DD5720F6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9DF1BA10-20C1-4F07-BFBE-803A104C55EC", versionEndIncluding: "2.1.1", versionStartIncluding: "1.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.", }, { lang: "es", value: "Se ha reportado que watchman en openshift node-utils crea /var/run/watchman.pid y /var/log/watchman.ouput con permiso de escritura mundial", }, ], id: "CVE-2014-0068", lastModified: "2024-11-21T02:01:17.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-30T21:15:10.317", references: [ { source: 
"secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados", }, ], id: "CVE-2014-3664", lastModified: "2024-11-21T02:08:36.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-15T14:55:07.727", references: [ { source: "secalert@redhat.com", url: 
"https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973", }, { source: "secalert@redhat.com", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6855839 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6855839 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation_for_cloud_pak | * | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", matchCriteriaId: "F474D877-57F4-496D-8E69-769DD42445D1", versionEndExcluding: "21.0.5", versionStartIncluding: "21.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "22EB28CE-7C7F-4290-85FE-5E3EBF905CF0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.\n\n", }, { lang: "es", value: "IBM Robotic Process Automation para Cloud Pak 21.0.1 a 21.0.4 podría permitir que un usuario local realice acciones no autorizadas debido a una configuración de permisos insuficiente. ID de IBM X-Force: 244073.", }, ], id: "CVE-2023-22592", lastModified: "2024-11-21T07:45:01.437", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 2.5, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2023-01-18T19:15:12.573", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6855839", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
devfile | registry-support | * | |
redhat | openshift | 4.0 | |
redhat | openshift_developer_tools_and_services | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:*", matchCriteriaId: "8FDBF67C-FADA-4C25-9795-E099C8D0DB56", versionEndExcluding: "0.0.0-20240206", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.", }, { lang: "es", value: "Se encontró una vulnerabilidad en la función de descompresión del soporte de registro. 
Este problema puede ser desencadenado por un atacante remoto no autenticado al engañar a un usuario para que abra un archivo .tar especialmente modificado, lo que lleva al proceso de limpieza a seguir rutas relativas para sobrescribir o eliminar archivos fuera del alcance previsto.", }, ], id: "CVE-2024-1485", lastModified: "2024-11-21T08:50:41.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.8, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.8, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-14T00:15:46.783", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-1485", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/devfile/registry-support/pull/197", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2024-1485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/devfile/registry-support/pull/197", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-23", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 1.2.8 | |
redhat | openshift | 2.0 | |
redhat | openshift | 2.0.1 | |
redhat | openshift | 2.0.2 | |
redhat | openshift | 2.0.3 | |
redhat | openshift | 2.0.4 | |
redhat | openshift | 2.0.5 | |
redhat | openshift | 2.0.6 | |
redhat | openshift | 2.1 | |
redhat | openshift | 2.1.1 | |
redhat | openshift_origin | 1.2.8 | |
redhat | openshift_origin | 2.1 | |
redhat | openshift_origin | 2.1.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.2.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "8B150884-E0B1-419B-B085-BFA29FA880FC", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*", matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*", matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*", matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*", matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*", matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "A7EA05E8-A168-428B-A884-94FDC8FA9718", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:2.1:*:*:*:*:*:*:*", matchCriteriaId: "22826952-47F5-4C1B-8A8B-35E089B84C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B1F656F4-7B39-4318-A231-E01C0B6ABE0C", vulnerable: true, }, ], negate: false, operator: "OR", }, 
], }, ], cveTags: [], descriptions: [ { lang: "en", value: "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.", }, { lang: "es", value: "cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos.", }, ], id: "CVE-2014-3496", lastModified: "2024-11-21T02:08:13.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-06-20T14:55:07.030", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/59298", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", }, { source: "secalert@redhat.com", url: "https://github.com/openshift/origin-server/pull/5521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://rhn.redhat.com/errata/RHSA-2014-0762.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openshift/origin-server/pull/5521", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4", versionEndIncluding: "1.637", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", }, { lang: "es", value: "Vulnerabilidad XXE en el comando create-job en CLI en Jenkins en versiones anteriores a 1.638 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos leer archivos arbitrarios a través de una configuración de trabajo manipulado que es cuando se utiliza una \"herramienta XML-aware\", según lo demostrado mediante get-job y update-job.", }, ], evaluatorComment: "<a href=\"https://cwe.mitre.org/data/definitions/611.html\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", id: "CVE-2015-5319", lastModified: "2024-11-21T02:32:47.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: 
"NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-25T20:59:10.383", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/94991 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94991 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592 | Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2.1.23:*:*:*:enterprise:*:*:*", matchCriteriaId: "2325EB46-F017-4D89-8436-1BDB75AC4007", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.3.1.11:*:*:*:enterprise:*:*:*", matchCriteriaId: "401352A3-D572-4E6D-91DF-3CD131825BE9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "E1056A33-690E-4120-821F-52B9705CB84B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.", }, { lang: "es", value: "openshift, en versiones anteriores a la 3.3.1.11, 3.2.1.23 y 3.4, es vulnerable a un error cuando un volumen fracasa a la hora de desasociarse. Esto provoca que la operación de borrado falle con un error \"VolumeInUse\". 
Como la operación de borrado se reintenta cada 30 segundos para cada volumen, esto podría conducir a un ataque de denegación de servicio (DoS), ya que el número de peticiones API que se envían al proveedor cloud excede el límite de tasa de la API.", }, ], id: "CVE-2016-9592", lastModified: "2024-11-21T03:01:28.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-16T15:29:00.233", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94991", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party 
Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94991", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-460", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "F1F9383B-8318-4566-9964-3AE3628E15E5", versionEndIncluding: "1.2.7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E20E866B-803E-434D-9FB1-9D53FC07665F", versionEndIncluding: "2.0.5", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.", }, { lang: "es", value: "El openshift-origin-broker en Red Hat OpenShift Enterprise 2.0.5, 1.2.7, y anteriores no maneja adecuadamente las peticiones de autenticación provenientes del plugin de autenticación de usuarios remotos, lo que permite a atacantes remotos evitar la autenticación y suplantar a usuarios arbitrarios a través de las cabeceras X-Remote-User en las peticiones provocando un bypass.", }, ], id: "CVE-2014-0188", lastModified: "2024-11-21T02:01:35.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-24T14:55:04.263", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"http://rhn.redhat.com/errata/RHSA-2014-0422.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2128858 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2128858 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*", matchCriteriaId: "0189F456-4CE5-4E94-83F9-9EC636C72F18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.", }, { lang: "es", value: "Se encontró un fallo en Openshift. Un pod con una política DNS de \"ClusterFirst\" puede resolver incorrectamente el nombre de host según un servicio proporcionado. Esta falla permite que un atacante proporcione un nombre incorrecto con la política de búsqueda de DNS, lo que afecta la confidencialidad y la disponibilidad.", }, ], id: "CVE-2022-3262", lastModified: "2024-11-21T07:19:10.177", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-08T16:15:13.293", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-453", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { 
lang: "en", value: "CWE-1188", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2019:0028 | ||
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2882 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 | Issue Tracking, Mitigation, Third Party Advisory | |
secalert@redhat.com | https://usn.ubuntu.com/3780-1/ | Third Party Advisory | |
secalert@redhat.com | https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:0028 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2882 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3780-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html |
Vendor | Product | Version | |
---|---|---|---|
haproxy | haproxy | * | |
canonical | ubuntu_linux | 18.04 | |
redhat | openshift | 3.10 | |
redhat | openshift_container_platform | 3.9 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.3 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "F4F0D169-E661-44C6-98E7-AA40B01D3706", versionEndIncluding: "1.8.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.10:*:*:*:enterprise:*:*:*", matchCriteriaId: "384135A7-48E2-470F-91CE-8253F10D8D0D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", matchCriteriaId: "309CB6F8-F178-454C-BE97-787F78647C28", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "B99A2411-7F6A-457F-A7BF-EB13C630F902", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.", }, { lang: "es", value: "Se ha descubierto un fallo en el descodificador HPACK de HAProxy en versiones anteriores a la 1.8.14 que se utiliza para HTTP/2. 
Un acceso de lectura fuera de límites en hpack_valid_idx() resultó en un cierre inesperado remoto y una denegación de servicio (DoS).", }, ], id: "CVE-2018-14645", lastModified: "2024-11-21T03:49:29.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-21T13:29:00.453", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHBA-2019:0028", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2882", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3780-1/", }, { source: "secalert@redhat.com", url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHBA-2019:0028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3780-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A", versionEndIncluding: "1.625.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "DCFC646A-BA70-404D-9DE1-EE758455546E", versionEndIncluding: "1.639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados.", }, ], id: "CVE-2015-7538", lastModified: "2024-11-21T02:36:56.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 
8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-03T18:59:02.977", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/91793 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:1427 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1356195 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91793 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:1427 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1356195 | Issue Tracking |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.", }, { lang: "es", value: "El servidor API en Kubernetes, como es utilizado en Red Hat OpenShift Enterprise 3.2, en un entorno de múltiples usuarios permite a usuarios remotos autenticados con conocimiento de nombres de otros proyectos obtener información sensible de proyectos y usuarios a través de vectores relacionados con la lista watch-cache.", }, ], id: "CVE-2016-5392", lastModified: "2024-11-21T02:54:13.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2016-08-05T15:59:08.380", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91793", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1427", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1743073 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1743073 | Issue Tracking, Mitigation, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 4.2 | |
redhat | openshift_container_platform | 3.11 | |
redhat | openshift_container_platform | 4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.2:*:*:*:*:*:*:*", matchCriteriaId: "B1936DEA-6470-48CA-9FE1-B16448554ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.", }, { lang: "es", value: "Se encontró un fallo en atomic-openshift de openshift-4.2, donde el rol de usuario básico RBAC en OpenShift Container Platform no protege suficientemente el GlusterFS StorageClass contra filtraciones del restuserkey. 
Un atacante con permisos de usuario básico puede obtener el valor de restuserkey y usarlo para autenticarse en el servicio REST de GlusterFS, consiguiendo acceso para leer y modificar archivos", }, ], id: "CVE-2019-10225", lastModified: "2024-11-21T04:18:41.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-19T21:15:11.807", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:openshift:2.0:*:enterprise:*:*:*:*:*", matchCriteriaId: "22DCCD9B-8D31-4757-A68A-FEF2C1E9E2BE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*", matchCriteriaId: "30C501A1-FE2D-41E7-A5DB-C61D8701B9B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*", matchCriteriaId: "3CF1F9EF-01AF-4708-AE02-765360AF3D66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", matchCriteriaId: "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgd:libgd:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "AF216444-68A4-490E-B3A4-9ECA664939BD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "44C85C39-7022-488D-8473-DB55CF456D7E", versionEndIncluding: "5.5.36", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "5BF4E8FF-A3EC-43E8-A0C1-FD38AFCB77B8", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "54ADECFC-3C07-43BC-B296-6C25AC7F1C95", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "FE192054-2FBB-4388-A52A-422E20DEA2D7", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "F0195D48-3B42-4AC0-B9C5-436E01C63879", vulnerable: false, }, { criteria: 
"cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "BF0E5D67-ABC1-41A5-94E1-7DD3CDB51D81", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", matchCriteriaId: "319E0573-B1AD-40B6-B4BC-8BE67ED3EFDB", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", matchCriteriaId: "1A7C00EB-87B7-4EB7-A4AC-8665D8C78467", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21BFCF10-786A-4D1E-9C37-50A1EC6056F1", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", matchCriteriaId: "95A6D6C8-5F46-4897-A0B0-778631E8CE6A", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", matchCriteriaId: "F1F13E2D-A8F7-4B74-8D03-7905C81672C9", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", matchCriteriaId: "AE18933A-5FE6-41C7-B1B6-DA3E762C3FB6", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", matchCriteriaId: "9AE1289F-03A6-4621-B387-5F5ADAC4AE92", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", matchCriteriaId: "383697F5-D29E-475A-84F3-46B54A928889", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*", matchCriteriaId: "786ED182-5D71-4197-9196-12AB5CF05F85", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*", matchCriteriaId: "BF90980D-74AD-44AA-A7C5-A0B294CCE4F8", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*", matchCriteriaId: "48D6B69C-8F27-4F4C-B953-67A7F9C2FBA5", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*", matchCriteriaId: "B53DC0C3-EA19-4465-B65A-BC7CDB10D8BF", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*", matchCriteriaId: "BEA4DFC1-6C0C-42FB-9F47-E3E1AA9E47E0", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*", matchCriteriaId: "D904E21A-4B3B-4D96-850C-0C0315F14E6D", vulnerable: false, }, { 
criteria: "cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*", matchCriteriaId: "C7CEF6D7-8966-45E7-BEBB-12055F5898C6", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*", matchCriteriaId: "171C1035-414C-4F3A-90F4-1A8ED26E3346", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*", matchCriteriaId: "725BBA4E-B3BA-4AFA-A284-E0CDE3EC8FB4", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*", matchCriteriaId: "F7793408-66A2-4DE7-B5AA-E49E8A2EE043", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*", matchCriteriaId: "95840EC0-512D-468D-99B0-17E8CFDD6BE0", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*", matchCriteriaId: "E1078D15-8073-4C04-82C2-3C8111E18B6C", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*", matchCriteriaId: "1B2E5E0C-8DD7-4CF8-A7E7-28ED0FD8B0C1", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*", matchCriteriaId: "3E6EE9E4-9D6E-4CCC-B116-6020DA6884BE", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*", matchCriteriaId: "F9A23E37-8B94-440A-8014-389AC5389A19", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*", matchCriteriaId: "AD5E20AF-724B-4DBD-9AED-920375666B6B", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*", matchCriteriaId: "FD008BBB-10C9-48E2-97B8-6B86B54FD48E", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*", matchCriteriaId: "90727984-6853-4348-B3CD-4869788117FD", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6B90B947-7B54-47F3-9637-2F4AC44079EE", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "35848414-BD5D-4164-84DC-61ABBB1C4152", vulnerable: false, }, { 
criteria: "cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*", matchCriteriaId: "2B1F8402-8551-4F66-A9A7-81D472AB058E", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*", matchCriteriaId: "7A773E8E-48CD-4D35-A0FD-629BD9334486", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FC492340-79AF-4676-A161-079A97EC6F0C", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*", matchCriteriaId: "F1C2D8FE-C380-4B43-B634-A3DBA4700A71", vulnerable: false, }, { criteria: "cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3EB58393-0C10-413C-8D95-6BAA8BC19A1B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*", matchCriteriaId: "CA79CE41-D873-4A4A-A20C-83EB8772E5FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", matchCriteriaId: "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", matchCriteriaId: "F6D63B21-9D2E-4B15-9E60-6181D44B1F55", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", matchCriteriaId: "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*", matchCriteriaId: "5DB4C0E8-8E50-44B1-BE0C-4C261D9E9730", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:freebsd:freebsd:9.2:*:*:*:*:*:*:*", matchCriteriaId: "2C560926-7789-4052-819D-C36C43C9C61E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*", matchCriteriaId: "DD5ECA1A-D9B4-4ED7-95EC-684E7AA2B765", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*", matchCriteriaId: "9899C87E-2C09-46AE-BC24-1ACF012784CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E6BD5BFF-260A-4A9E-B0AA-C8B8386B154E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", matchCriteriaId: "21EFF723-7B5A-4712-8A6B-56CADAA4BFD5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", matchCriteriaId: "57052F01-8695-4C63-A947-7671375B9312", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*", matchCriteriaId: "E102E760-362C-4DC7-BDED-E2CF9F94ECE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*", matchCriteriaId: "D78E559A-430D-4D50-8A83-58A37D393471", vulnerable: true, }, ], negate: 
false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", }, { lang: "es", value: "Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones del pedazo en una imagen manipulada.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/122.html\">CWE-122</a>", id: "CVE-2016-5766", lastModified: "2024-11-21T02:54:58.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-08-07T10:59:13.663", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://php.net/ChangeLog-5.php", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://php.net/ChangeLog-7.php", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3619", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/4", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-3030-1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://bugs.php.net/bug.php?id=72339", }, { source: "cve@mitre.org", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://libgd.github.io/release-2.2.3.html", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201612-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: 
"http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://php.net/ChangeLog-5.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://php.net/ChangeLog-7.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-3030-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://bugs.php.net/bug.php?id=72339", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://libgd.github.io/release-2.2.3.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201612-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-container as shipped in Openshift 4 and 3.11.", }, { lang: "es", value: "Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/jenkins. Un atacante con acceso al contenedor podría usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios. 
Este CVE es específico de openshift/jenkins-slave-base-rhel7-container como es incluido en Openshift versiones 4 y 3.11.", }, ], id: "CVE-2019-19351", lastModified: "2024-11-21T04:34:37.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-18T17:15:11.713", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351", }, ], sourceIdentifier: 
"secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | * | |
redhat | openshift | 2.0 | |
redhat | openshift | 2.0.1 | |
redhat | openshift | 2.0.2 | |
redhat | openshift | 2.0.3 | |
redhat | openshift | 2.0.4 | |
redhat | openshift | 2.0.5 | |
redhat | openshift | 2.0.6 | |
redhat | openshift | 2.1 | |
redhat | openshift | 2.1.1 | |
redhat | openshift | 2.1.2 | |
redhat | openshift | 2.1.3 | |
redhat | openshift | 2.1.4 | |
redhat | openshift | 2.1.5 | |
redhat | openshift | 2.1.6 | |
redhat | openshift | 2.1.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "B6B266CF-DDC0-421D-A36D-F123241E69B3", versionEndIncluding: "2.1.8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.1:*:enterprise:*:*:*:*:*", matchCriteriaId: "7405F776-4F1C-467A-AC66-5AABBE43411B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.2:*:enterprise:*:*:*:*:*", matchCriteriaId: "437AB2B0-0175-4E48-A1A5-6723C97F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.3:*:enterprise:*:*:*:*:*", matchCriteriaId: "BA5E9EB2-607B-43A7-A75F-CA171529B9E8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.4:*:enterprise:*:*:*:*:*", matchCriteriaId: "582D97B4-ADBC-485D-B00F-AD9F3566F711", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.5:*:enterprise:*:*:*:*:*", matchCriteriaId: "AB204392-8CE0-4B3B-9399-F6B83EB9006F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.0.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D84F1EB-5654-4B52-92E3-5DA10F97CA39", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "AC659BB6-CD01-4F4A-BFBC-227A52ECB391", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "A463CF4B-2010-4AB5-9275-020BF53B5FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C6C0F050-48C7-4AFB-9DB3-A60C7E3501C0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.3:*:*:*:enterprise:*:*:*", matchCriteriaId: "459F1262-B8B0-475E-A7F2-0913FEE6F715", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "732EE887-EB12-492F-A4E4-3F441BB92C8A", vulnerable: true, }, { 
criteria: "cpe:2.3:a:redhat:openshift:2.1.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "34ACA7BA-8DB2-4645-9FF1-DB88195FFD2C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "A87A0BC7-F7D0-4090-992A-C26942FD82DE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:2.1.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "81360600-BF69-4078-A6E6-EE6606391924", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.", }, { lang: "es", value: "Red Hat OpenShift Enterprise anterior a 2.2 permite a usuarios locales obtener direcciones IP y otra información para sistemas remotos mediante la lectura de /proc/net/tcp.", }, ], id: "CVE-2014-3602", lastModified: "2024-11-21T02:08:29.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-13T21:32:00.187", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor 
Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | Exploit, Issue Tracking, Product, Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1793284 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | Exploit, Issue Tracking, Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1793284 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5F7E2F04-474D-4196-9CE8-242642990A16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor operator-framework/operator-metering como es enviado en Red Hat Openshift versión 4. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios", }, ], id: "CVE-2019-19349", lastModified: "2024-11-21T04:34:37.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-24T16:15:14.853", references: [ { 
source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Product", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Product", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/244500 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7005999 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/244500 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7005999 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | robotic_process_automation | * | |
ibm | robotic_process_automation | * | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BAAF00-D394-4243-807A-A6D41125EC4B", versionEndIncluding: "21.0.7.3", versionStartIncluding: "21.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F513AA2B-F457-408B-8D5F-EBE657439000", versionEndIncluding: "23.0.3", versionStartIncluding: "23.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.", }, ], id: "CVE-2023-23468", lastModified: "2024-11-21T07:46:15.633", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2023-06-27T19:15:09.293", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7005999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/7005999", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "4A979807-E051-4BD5-8811-85FED039DB59", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "587BB544-D4F5-4540-8A61-578FD30DB508", versionEndIncluding: "1.651.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "F8E35FAB-695F-44DA-945D-60B47C1F200B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "F33CEF04-05FA-444C-BB14-F3E3434AF61F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.", }, { lang: "es", value: "La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configuración global a través de vectores no especificados.", }, ], id: "CVE-2016-3727", lastModified: "2024-11-21T02:50:35.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-17T14:08:11.717", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/209940 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6505281 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/209940 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6505281 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | security_risk_manager_on_cp4s | 1.7.2.0 | |
redhat | openshift | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:security_risk_manager_on_cp4s:1.7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1234F13E-0179-4713-82F0-F601F64948ED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by an authenticated privileged user. IBM X-Force ID: 209940.", }, { lang: "es", value: "IBM Security Risk Manager on CP4S versión 1.7.0.0, almacena las credenciales de usuarios en texto sin cifrar que puede ser leído por un usuario privilegiado autenticado. IBM X-Force ID: 209940", }, ], id: "CVE-2021-38911", lastModified: "2024-11-21T06:18:11.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "psirt@us.ibm.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-19T16:15:07.737", references: [ { source: "psirt@us.ibm.com", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940", }, { source: "psirt@us.ibm.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6505281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "VDB Entry", "Vendor Advisory", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ibm.com/support/pages/node/6505281", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/05/07/1 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/59687 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=960363 | Exploit, Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84075 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/05/07/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/59687 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=960363 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84075 | Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "19D8D9FF-51A8-4A81-B855-DB480ABEA300", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.", }, { lang: "es", value: "La función download_from_url en OpenShift Origin, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en la URL de una petición para descargar un carrito.", }, ], id: "CVE-2013-2060", lastModified: "2024-11-21T01:50:57.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-28T16:15:11.527", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/05/07/1", }, { source: "secalert@redhat.com", tags: [ "Third 
Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/59687", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/05/07/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/59687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice | Third Party Advisory | |
secalert@redhat.com | https://www.openwall.com/lists/oss-security/2014/06/05/19 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2014/06/05/19 | Mailing List, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:*:*:-:*:*:*", matchCriteriaId: "8AFA9951-AB69-4B63-9459-957A683484FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.", }, { lang: "es", value: "En Red Hat Openshift versión 1, son aplicados permisos débiles por defecto al archivo /etc/openshift/server_priv.pem en el servidor del broker, lo que podría permitir a usuarios con acceso local al broker leer este archivo", }, ], id: "CVE-2013-4281", lastModified: "2024-11-21T01:55:16.247", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-19T18:15:11.243", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: 
"https://www.openwall.com/lists/oss-security/2014/06/05/19", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | * | |
redhat | openshift_origin | 1.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:-:enterprise:*:*:*:*:*", matchCriteriaId: "7D4E1F6B-34CD-4926-88A3-E440846BF387", versionEndIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_origin:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "7D94C104-7375-4D23-97F7-E9B861A70E1C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.", }, { lang: "es", value: "RHC-chk.rb en Red Hat OpenShift Origin anterior a v1,1, cuando -d (modo de depuración) se utiliza, muestra la contraseña y otra información confidencial en texto plano, lo que permite a atacantes dependientes del contexto obtener información sensible, como se ha demostrado mediante la inclusión de archivos de registro o reportes de Bugzilla en los canales de ayuda.", }, ], id: "CVE-2012-5658", lastModified: "2024-11-21T01:45:03.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-24T22:55:01.033", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { source: "secalert@redhat.com", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=889062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
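7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the same record also carries Red Hat's secondary score of 7.0 with attack complexity High, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)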
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", matchCriteriaId: "56FBB37B-F320-4355-B695-08251CCBE6EF", versionEndExcluding: "4.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", matchCriteriaId: "64797939-6676-40DC-A81A-3FD0C45A8047", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, { lang: "es", value: "Se detectó una vulnerabilidad en todas las versiones de openshift/mediawiki-apb 4.x.x anteriores a 4.3.0, donde se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/mediawiki-apb. 
Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios.", }, ], id: "CVE-2019-19345", lastModified: "2024-11-21T04:34:37.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-20T15:15:13.293", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345", }, ], sourceIdentifier: 
"secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", versionEndIncluding: "3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "322F4274-7351-40C4-8D8E-8E26B89AA95C", versionEndIncluding: "1.582", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "1BA9E2A3-6D74-4DC8-846F-FCF5C5BE562B", versionEndIncluding: "1.565.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.", }, { lang: "es", value: "Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI.", }, ], id: "CVE-2014-3661", lastModified: "2024-11-21T02:08:36.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-16T19:55:07.910", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "secalert@redhat.com", tags: [ "Vendor 
Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
redhat | openshift | 2.0 | |
sencha | connect | * | |
opensuse | opensuse | 13.1 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "884F5BE8-59F5-4502-9765-F3A3E505570F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sencha:connect:*:*:*:*:*:node.js:*:*", matchCriteriaId: "EA24CA89-4754-4FDF-8959-B7345FC1C34E", versionEndExcluding: "2.8.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware", }, { lang: "es", value: "node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect.", }, ], id: "CVE-2013-7370", lastModified: "2024-11-21T02:00:51.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", 
type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-11T14:15:09.787", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/04/21/2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/05/13/1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-7370", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-7370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/04/21/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/05/13/1", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2013-7370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-7370", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-19348
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Openshift Enterprise | openshift/apb-base |
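Version: Fixed in 4.3.5-202003020549; Version: Fixed in 4.2.21-202002240343; Version: Fixed in 4.1.37-202003021622; Version: Fixed in 3.11.188-4 (the record lists these strings with status "affected", but they name the fixed builds; per the description, the affected releases are those before them) |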
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:46.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/apb-base", vendor: "Openshift Enterprise", versions: [ { status: "affected", version: "Fixed in 4.3.5-202003020549", }, { status: "affected", version: "Fixed in 4.2.21-202002240343", }, { status: "affected", version: "Fixed in 4.1.37-202003021622", }, { status: "affected", version: "Fixed in 3.11.188-4", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-02T19:14:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-19348", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift/apb-base", version: { version_data: [ 
{ version_value: "Fixed in 4.3.5-202003020549", }, { version_value: "Fixed in 4.2.21-202002240343", }, { version_value: "Fixed in 4.1.37-202003021622", }, { version_value: "Fixed in 3.11.188-4", }, ], }, }, ], }, vendor_name: "Openshift Enterprise", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], }, impact: { cvss: [ [ { vectorString: "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-266", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19348", datePublished: "2020-04-02T19:14:08", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:46.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5305
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1273969 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2015:1945 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.313Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", }, { name: "RHSA-2015:1945", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2015:1945", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-27T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-11-06T17:57:03", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", }, { name: "RHSA-2015:1945", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2015:1945", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5305", datePublished: "2015-11-06T18:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2403
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2101959 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2022-2403 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:39:07.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-2403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Openshift", vendor: "n/a", versions: [ { status: "affected", version: "Openshift 4.9 onwards", }, ], }, ], descriptions: [ { lang: "en", value: "A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-497", description: "CWE-497", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T20:28:25", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101959", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2022-2403", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-2403", datePublished: "2022-09-01T20:28:25", dateReserved: "2022-07-14T00:00:00", dateUpdated: "2024-08-03T00:39:07.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3708
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1094 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-19T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3708", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5647
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/openshift/origin-server/pull/1017 | x_refsource_CONFIRM | |
http://www.osvdb.org/89430 | vdb-entry, x_refsource_OSVDB | |
http://rhn.redhat.com/errata/RHSA-2013-0148.html | vendor-advisory, x_refsource_REDHAT | |
https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=888523 | x_refsource_MISC | |
http://www.securityfocus.com/bid/57189 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:16.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/pull/1017", }, { name: "89430", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/89430", }, { name: "RHSA-2013:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523", }, { name: "57189", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/57189", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-02-24T21:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/pull/1017", }, { name: "89430", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/89430", }, { name: "RHSA-2013:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=888523", }, { name: "57189", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/57189", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5647", datePublished: "2013-02-24T21:00:00Z", dateReserved: "2012-10-24T00:00:00Z", dateUpdated: "2024-08-06T21:14:16.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2149
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1064 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.741Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-12T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2149", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.741Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3711
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1064 | vendor-advisory, x_refsource_REDHAT | |
https://github.com/openshift/origin/pull/8334 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin/pull/8334", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-12T00:00:00", descriptions: [ { lang: "en", value: "HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the \"OPENSHIFT_[namespace]_SERVERID\" cookie.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin/pull/8334", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3711", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5325
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5325", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, 
vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5325", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1806
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205620 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-27T00:00:00", descriptions: [ { lang: "en", value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"secalert@redhat.com", ID: "CVE-2015-1806", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1806", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3262
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:07:05.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "n/a", versions: [ { status: "affected", version: "4.9", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-453", description: "CWE-453", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-08T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3262", datePublished: "2022-12-08T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T01:07:05.985Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1807
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205622 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.383Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-27T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: 
"CVE-2015-1807", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1807", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-6685
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/sparklemotion/nokogiri/issues/693 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | x_refsource_MISC | |
https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:36:01.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/sparklemotion/nokogiri/issues/693", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-06T00:00:00", descriptions: [ { lang: "en", value: "Nokogiri before 1.5.4 is vulnerable to XXE attacks", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-19T14:41:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/sparklemotion/nokogiri/issues/693", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-6685", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Nokogiri before 1.5.4 is vulnerable to XXE attacks", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/sparklemotion/nokogiri/issues/693", 
refsource: "CONFIRM", url: "https://github.com/sparklemotion/nokogiri/issues/693", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", }, { name: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", refsource: "CONFIRM", url: "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-6685", datePublished: "2020-02-19T14:41:27", dateReserved: "2015-01-05T00:00:00", dateUpdated: "2024-08-06T21:36:01.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3723
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], x_legacyV4Record: { CVE_data_meta: { 
ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-3723", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3723", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2125
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://secunia.com/advisories/55381 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ubuntu.com/usn/USN-1582-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/rubygems/rubygems/blob/1.8/History.txt | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-1203.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=814718 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/04/20/24 | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2013-1441.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55381", }, { name: "USN-1582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-04-19T00:00:00", descriptions: [ { lang: "en", value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-07T13:57:00", orgId: 
"53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55381", }, { name: "USN-1582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2125", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "55381", refsource: "SECUNIA", url: "http://secunia.com/advisories/55381", }, { 
name: "USN-1582-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { name: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", refsource: "CONFIRM", url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2125", datePublished: "2013-10-01T17:00:00", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:26:08.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1257
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/104260 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2018:1809 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:3768 | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | x_refsource_CONFIRM | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | x_refsource_CONFIRM | |
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | x_refsource_MISC | |
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
https://pivotal.io/security/cve-2018-1257 | x_refsource_CONFIRM | |
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
Pivotal | Spring Framework | Version: 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:51:49.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104260", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104260", }, { name: "RHSA-2018:1809", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1809", }, { name: "RHSA-2018:3768", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pivotal.io/security/cve-2018-1257", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spring Framework", vendor: "Pivotal", versions: [ { status: "affected", version: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17", }, ], }, ], datePublic: "2018-05-09T00:00:00", descriptions: [ { lang: "en", value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older 
unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.", }, ], problemTypes: [ { descriptions: [ { description: "ReDoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:00", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "104260", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104260", }, { name: "RHSA-2018:1809", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1809", }, { name: "RHSA-2018:3768", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://pivotal.io/security/cve-2018-1257", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2018-05-09T00:00:00", ID: "CVE-2018-1257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: 
[ { product_name: "Spring Framework", version: { version_data: [ { version_value: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17", }, ], }, }, ], }, vendor_name: "Pivotal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "ReDoS", }, ], }, ], }, references: { reference_data: [ { name: "104260", refsource: "BID", url: "http://www.securityfocus.com/bid/104260", }, { name: "RHSA-2018:1809", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1809", }, { name: "RHSA-2018:3768", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://pivotal.io/security/cve-2018-1257", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2018-1257", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-1257", datePublished: "2018-05-11T20:00:00Z", dateReserved: "2017-12-06T00:00:00", dateUpdated: "2024-09-16T22:56:18.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14845
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2019:4101 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:4237 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:26:39.114Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845", }, { name: "RHSA-2019:4101", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4101", }, { name: "RHSA-2019:4237", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4237", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "Red Hat", versions: [ { status: "affected", version: "opneshift build 4.1 up to 4.3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image, bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-494", description: "CWE-494", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-20T01:06:04", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14845", }, { name: "RHSA-2019:4101", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4101", }, { name: 
"RHSA-2019:4237", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4237", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-14845", datePublished: "2019-10-08T18:43:24", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-08-05T00:26:39.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-7370
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2013-7370 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 | x_refsource_MISC | |
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2013-7370 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2014/05/13/1 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2014/04/21/2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:01:20.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-7370", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2013-7370", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/05/13/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/04/21/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "< 2.8.1", }, ], }, ], descriptions: [ { lang: "en", value: "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware", }, ], problemTypes: [ { descriptions: [ { description: "in the Sencha Labs Connect middleware", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-11T14:01:12", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting", }, { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-7370", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370", }, { tags: [ "x_refsource_MISC", ], url: 
"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2013-7370", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2014/05/13/1", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2014/04/21/2", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-7370", datePublished: "2019-12-11T13:55:37", dateReserved: "2014-04-21T00:00:00", dateUpdated: "2024-08-06T18:01:20.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-6135
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-6135 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/03/02/1 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/82533 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135 | x_refsource_CONFIRM | |
https://www.securityfocus.com/bid/58259 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | ruby-passenger | ruby-passenger |
Version: 4.0.53-1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:28:38.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-6135", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/02/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135", }, { name: "58259", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "https://www.securityfocus.com/bid/58259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ruby-passenger", vendor: "ruby-passenger", versions: [ { status: "affected", version: "4.0.53-1", }, ], }, ], datePublic: "2013-03-01T00:00:00", descriptions: [ { lang: "en", value: "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-19T16:56:41", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2012-6135", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2013/03/02/1", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135", }, { name: "58259", tags: [ "vdb-entry", "x_refsource_BID", ], url: "https://www.securityfocus.com/bid/58259", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", 
assignerShortName: "redhat", cveId: "CVE-2012-6135", datePublished: "2019-11-19T16:56:41", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T21:28:38.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-1485
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-1485 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2264106 | issue-tracking, x_refsource_REDHAT | |
https://github.com/advisories/GHSA-84xv-jfrm-h4gm | ||
https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d | ||
https://github.com/devfile/registry-support/pull/197 |
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 1.16.2 |
||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-1485", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-21T20:39:09.253403Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:53.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T18:40:21.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2024-1485", }, { name: "RHBZ#2264106", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", }, { tags: [ "x_transferred", ], url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", }, { tags: [ "x_transferred", ], url: "https://github.com/devfile/registry-support/pull/197", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/devfile/registry-support", defaultStatus: "unaffected", packageName: "registry-support", versions: [ { status: "affected", version: "1.16.2", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ocp_tools", ], defaultStatus: "affected", packageName: "odo", product: "OpenShift Developer Tools and Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "openshift4/ose-console", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat 
would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue.", }, ], datePublic: "2024-02-05T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "Relative Path Traversal", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T14:50:04.605Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-1485", }, { name: "RHBZ#2264106", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", }, { url: "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", }, { url: "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", }, { url: "https://github.com/devfile/registry-support/pull/197", }, ], timeline: [ { lang: "en", time: "2024-02-13T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2024-02-05T00:00:00+00:00", 
value: "Made public.", }, ], title: "Registry-support: decompress can delete files outside scope via relative paths", workarounds: [ { lang: "en", value: "Limit or block the parsing of devfiles from untrusted sources.", }, ], x_redhatCweChain: "CWE-349->CWE-23: Acceptance of Extraneous Untrusted Data With Trusted Data leads to Relative Path Traversal", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-1485", datePublished: "2024-02-13T23:31:14.427Z", dateReserved: "2024-02-13T21:47:23.979Z", dateUpdated: "2024-11-06T14:50:04.605Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40370
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7028218 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation |
Version: 21.0.0 ≤ 21.0.7.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:31:53.791Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7028218", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40370", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-02T14:59:12.497018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-02T15:12:35.118Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.1", status: "affected", version: "21.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. 
IBM X-Force ID: 263470.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T21:57:37.071Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7028218", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263470", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-40370", datePublished: "2023-08-22T21:57:37.071Z", dateReserved: "2023-08-14T20:12:04.115Z", dateUpdated: "2024-10-02T15:12:35.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4364
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1009734 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-18T00:00:00", descriptions: [ { lang: "en", value: "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-08T18:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1009734", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4364", datePublished: "2018-01-08T19:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5326
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5326", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: 
"n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5326", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.293Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19350
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1793283 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | openshift/ansible-service-broker |
Version: as shipped in Red Hat Openshift 4 and 3.11 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/ansible-service-broker", vendor: "n/a", versions: [ { status: "affected", version: "as shipped in Red Hat Openshift 4 and 3.11", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-24T15:36:09", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793283", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19350", datePublished: "2021-03-24T15:36:09", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1761
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1813788 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | openshift/console |
Version: openshift/console-4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/console", vendor: "n/a", versions: [ { status: "affected", version: "openshift/console-4", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-358", description: "CWE-358", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-27T19:45:14", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift/console", version: { version_data: [ { version_value: "openshift/console-4", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. 
This flaw affects openshift/console versions before openshift/console-4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-358", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1813788", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1761", datePublished: "2021-05-27T19:45:14", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43573
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6852655 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation |
Version: 20.12 ≤ version < 21.0.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:32:59.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6852655", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThan: "21.0.6", status: "affected", version: "20.12", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.", }, ], value: "IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. 
IBM X-Force ID: 238678.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-05T17:39:23.656Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6852655", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238678", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43573", datePublished: "2023-01-05T17:39:23.656Z", dateReserved: "2022-10-20T20:12:57.788Z", dateUpdated: "2024-08-03T13:32:59.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10875
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:47.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2166", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2166", }, { name: "RHSA-2018:2152", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2152", }, { name: "RHSA-2018:2150", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2150", }, { name: "1041396", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041396", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", }, { name: "RHBA-2018:3788", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2018:3788", }, { name: "RHSA-2019:0054", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0054", }, { name: "RHSA-2018:2151", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2151", }, { name: "RHSA-2018:2321", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2321", }, { name: "RHSA-2018:2585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2585", }, { name: "DSA-4396", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4396", }, { name: "openSUSE-SU-2019:1125", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", }, { name: 
"USN-4072-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4072-1/", }, { name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ansible", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-06-29T00:00:00", descriptions: [ { lang: "en", value: "A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-16T14:06:20", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2018:2166", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2166", }, { name: "RHSA-2018:2152", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2152", }, { name: "RHSA-2018:2150", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2150", }, { name: "1041396", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041396", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", }, { name: "RHBA-2018:3788", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2018:3788", }, { name: "RHSA-2019:0054", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0054", }, { name: "RHSA-2018:2151", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2151", }, { name: "RHSA-2018:2321", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2321", }, { name: "RHSA-2018:2585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2585", }, { name: "DSA-4396", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4396", }, { name: "openSUSE-SU-2019:1125", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", }, { name: "USN-4072-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4072-1/", }, { name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-10875", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ansible", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in ansible. 
ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.", }, ], }, impact: { cvss: [ [ { vectorString: "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-426", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2166", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2166", }, { name: "RHSA-2018:2152", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2152", }, { name: "RHSA-2018:2150", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2150", }, { name: "1041396", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041396", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10875", }, { name: "RHBA-2018:3788", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2018:3788", }, { name: "RHSA-2019:0054", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0054", }, { name: "RHSA-2018:2151", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2151", }, { name: "RHSA-2018:2321", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2321", }, { name: "RHSA-2018:2585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2585", }, { name: "DSA-4396", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4396", }, { name: "openSUSE-SU-2019:1125", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html", }, { name: "USN-4072-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4072-1/", }, { name: "[debian-lts-announce] 20190916 [SECURITY] [DLA 1923-1] ansible security update", refsource: 
"MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10875", datePublished: "2018-07-13T22:00:00", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-08-05T07:46:47.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0068
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1064100 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | openshift node-util |
Version: openshift node-util as shipped in Openshift Enterprise 1.x and 2.x |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:38.301Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift node-util", vendor: "n/a", versions: [ { status: "affected", version: "openshift node-util as shipped in Openshift Enterprise 1.x and 2.x", }, ], }, ], descriptions: [ { lang: "en", value: "It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-30T20:34:16", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1064100", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0068", datePublished: "2022-06-30T20:34:16", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:38.301Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5323
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5323", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], 
}, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5323", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42439
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6952435 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | App Connect Enterprise |
Version: 11.0.0.17 ≤ version < 11.0.0.19; Version: 12.0.4.0 ≤ version < 12.0.5.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:10:40.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6952435", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "App Connect Enterprise", vendor: "IBM", versions: [ { lessThan: "11.0.0.19", status: "affected", version: "11.0.0.17", versionType: "semver", }, { lessThan: "12.0.5.0", status: "affected", version: "12.0.4.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.</span>\n\n", }, ], value: "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. 
IBM X-Force ID: 238211.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-17T16:10:51.689Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6952435", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211", }, ], source: { discovery: "UNKNOWN", }, title: "IBM App Connect Enterprise information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-42439", datePublished: "2023-02-06T20:25:26.204Z", dateReserved: "2022-10-06T15:51:26.500Z", dateUpdated: "2024-08-03T13:10:40.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8631
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94110 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2016:2696 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | Openshift Enterprise |
Version: 3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:27:41.243Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94110", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94110", }, { name: "RHSA-2016:2696", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:2696", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Openshift Enterprise", vendor: "Red Hat", versions: [ { status: "affected", version: "3", }, ], }, ], datePublic: "2016-11-01T00:00:00", descriptions: [ { lang: "en", value: "The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-01T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "94110", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94110", }, { name: "RHSA-2016:2696", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:2696", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-8631", datePublished: "2018-07-31T20:00:00", dateReserved: "2016-10-12T00:00:00", dateUpdated: "2024-08-06T02:27:41.243Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5736
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { name: "RHSA-2019:0408", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { tags: [ "x_transferred", ], url: "https://github.com/rancher/runc-cve", }, { name: "RHSA-2019:0401", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { tags: [ "x_transferred", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { name: "RHSA-2019:0303", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { tags: [ "x_transferred", ], url: "https://github.com/q3k/cve-2019-5736-poc", }, { name: "46359", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46359/", }, { tags: [ "x_transferred", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { tags: [ "x_transferred", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { name: "46369", tags: [ "exploit", "x_transferred", ], 
url: "https://www.exploit-db.com/exploits/46369/", }, { name: "RHSA-2019:0304", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { tags: [ "x_transferred", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { tags: [ "x_transferred", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { tags: [ "x_transferred", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { name: "106976", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/106976", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { tags: [ "x_transferred", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: 
"http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { tags: [ "x_transferred", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { name: "openSUSE-SU-2019:1079", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "FEDORA-2019-bc70b381ad", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { name: "FEDORA-2019-6174b47003", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { tags: [ "x_transferred", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { name: "RHSA-2019:0975", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { tags: [ "x_transferred", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { tags: [ "x_transferred", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", 
tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:1444", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { name: "openSUSE-SU-2019:1499", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { name: "openSUSE-SU-2019:1506", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "USN-4048-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4048-1/", }, { name: "openSUSE-SU-2019:2021", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { name: "FEDORA-2019-2baa1f7b19", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { name: "FEDORA-2019-c1dac1b3b8", tags: [ "vendor-advisory", 
"x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:2245", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { name: "openSUSE-SU-2019:2286", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "GLSA-202003-21", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-21", }, { name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { tags: [ "x_transferred", ], url: 
"http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-11T00:00:00", descriptions: [ { lang: "en", value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. 
This occurs because of file-descriptor mishandling, related to /proc/self/exe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T12:06:25.591627", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { name: "RHSA-2019:0408", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { url: "https://github.com/rancher/runc-cve", }, { name: "RHSA-2019:0401", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { name: "RHSA-2019:0303", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { url: "https://github.com/q3k/cve-2019-5736-poc", }, { name: "46359", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46359/", }, { url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { name: "46369", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46369/", }, { name: "RHSA-2019:0304", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { url: 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { name: "106976", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/106976", }, { url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { name: "openSUSE-SU-2019:1079", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "FEDORA-2019-bc70b381ad", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { name: "FEDORA-2019-6174b47003", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { name: "RHSA-2019:0975", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:1444", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { name: "openSUSE-SU-2019:1499", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { name: "openSUSE-SU-2019:1506", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { name: 
"[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "USN-4048-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { name: "openSUSE-SU-2019:2021", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { name: "FEDORA-2019-2baa1f7b19", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { name: "FEDORA-2019-c1dac1b3b8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:2245", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { name: "openSUSE-SU-2019:2286", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for 
linux-distros - VMware", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "GLSA-202003-21", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-5736", datePublished: "2019-02-11T00:00:00", dateReserved: "2019-01-08T00:00:00", dateUpdated: "2024-08-04T20:01:52.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20578
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6493729 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/199282 | vdb-entry, x_refsource_XF |
Vendor | Product | Version |
---|---|---|
IBM | Cloud Pak for Security | 1.7.0.0, 1.7.1.0, 1.7.2.0, 1.8.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202120578-improper-auth (199282)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cloud Pak for Security", vendor: "IBM", versions: [ { status: "affected", version: "1.7.0.0", }, { status: "affected", version: "1.7.1.0", }, { status: "affected", version: "1.7.2.0", }, { status: "affected", version: "1.8.0.0", }, ], }, ], datePublic: "2021-09-29T00:00:00", descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. 
IBM X-Force ID: 199282.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:L/AC:L/PR:N/A:N/I:L/AV:A/S:U/UI:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Access", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-30T16:20:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202120578-improper-auth (199282)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-09-29T00:00:00", ID: "CVE-2021-20578", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cloud Pak for Security", version: { version_data: [ { version_value: "1.7.0.0", }, { version_value: "1.7.1.0", }, { version_value: "1.7.2.0", }, { version_value: "1.8.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. 
IBM X-Force ID: 199282.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "A", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Access", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6493729", refsource: "CONFIRM", title: "IBM Security Bulletin 6493729 (Cloud Pak for Security)", url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202120578-improper-auth (199282)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199282", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20578", datePublished: "2021-09-30T16:20:16.598071Z", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-09-17T00:31:00.175Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7537
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 | x_refsource_CONFIRM |
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-7537", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: 
"n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7537", datePublished: "2016-02-03T15:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1813
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205615 | x_refsource_CONFIRM |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 | x_refsource_CONFIRM |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.273Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-23T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"secalert@redhat.com", ID: "CVE-2015-1813", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1813", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5321
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5321", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, 
}, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5321", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2142
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2016:1038 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1038", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1038", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1038", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2142", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29912
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6505283 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/207828 | vdb-entry, x_refsource_XF |
Vendor | Product | Version |
---|---|---|
IBM | Cloud Pak for Security | 1.7.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6505283", }, { name: "ibm-drm-cve202129912-xss (207828)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cloud Pak for Security", vendor: "IBM", versions: [ { status: "affected", version: "1.7.0.0", }, ], }, ], datePublic: "2021-10-18T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/PR:L/AC:L/I:L/UI:R/C:L/S:C/A:N/RC:C/E:H/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-19T15:15:14", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6505283", }, { name: "ibm-drm-cve202129912-xss (207828)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/207828", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-10-18T00:00:00", ID: "CVE-2021-29912", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cloud Pak for Security", version: { version_data: [ { version_value: "1.7.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6505283", refsource: "CONFIRM", title: "IBM Security Bulletin 6505283 (Cloud Pak for Security)", url: "https://www.ibm.com/support/pages/node/6505283", }, { name: "ibm-drm-cve202129912-xss (207828)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207828", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29912", datePublished: "2021-10-19T15:15:14.541857Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T23:11:09.698Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7534
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securityfocus.com/bid/103754 | vdb-entry, x_refsource_BID |
https://bugzilla.redhat.com/show_bug.cgi?id=1443003 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Red Hat, Inc. | Openshift | 3.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:04:11.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "103754", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103754", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Openshift", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "3.x", }, ], }, ], datePublic: "2018-04-10T00:00:00", descriptions: [ { lang: "en", value: "OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-17T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "103754", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103754", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1443003", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-7534", datePublished: "2018-04-11T19:00:00Z", dateReserved: "2017-04-05T00:00:00", dateUpdated: "2024-08-05T16:04:11.828Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1059
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2018:2524 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2018:2102 | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/security/cve/cve-2018-1059 | x_refsource_MISC |
https://usn.ubuntu.com/3642-2/ | vendor-advisory, x_refsource_UBUNTU |
https://access.redhat.com/errata/RHSA-2018:2038 | vendor-advisory, x_refsource_REDHAT |
https://usn.ubuntu.com/3642-1/ | vendor-advisory, x_refsource_UBUNTU |
https://access.redhat.com/errata/RHSA-2018:1267 | vendor-advisory, x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=1544298 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Red Hat, Inc. | DPDK | before 18.02.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:11.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2524", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2524", }, { name: "RHSA-2018:2102", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2102", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2018-1059", }, { name: "USN-3642-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3642-2/", }, { name: "RHSA-2018:2038", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2038", }, { name: "USN-3642-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3642-1/", }, { name: "RHSA-2018:1267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1267", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "DPDK", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "before 18.02.1", }, ], }, ], datePublic: "2018-04-23T00:00:00", descriptions: [ { lang: "en", value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. 
All versions before 18.02.1 are vulnerable.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-21T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2018:2524", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2524", }, { name: "RHSA-2018:2102", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2102", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2018-1059", }, { name: "USN-3642-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3642-2/", }, { name: "RHSA-2018:2038", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2038", }, { name: "USN-3642-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3642-1/", }, { name: "RHSA-2018:1267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1267", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2018-04-23T00:00:00", ID: "CVE-2018-1059", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "DPDK", version: { version_data: [ { version_value: "before 18.02.1", }, ], }, }, ], }, vendor_name: "Red Hat, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. 
This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2524", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2524", }, { name: "RHSA-2018:2102", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2102", }, { name: "https://access.redhat.com/security/cve/cve-2018-1059", refsource: "MISC", url: "https://access.redhat.com/security/cve/cve-2018-1059", }, { name: "USN-3642-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3642-2/", }, { name: "RHSA-2018:2038", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2038", }, { name: "USN-3642-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3642-1/", }, { name: "RHSA-2018:1267", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1267", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1544298", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-1059", datePublished: "2018-04-24T18:00:00Z", dateReserved: "2017-12-04T00:00:00", dateUpdated: "2024-09-17T00:46:47.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1808
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205623 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-27T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1808", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205623", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1808", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.322Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14645
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3780-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2018:2882 | vendor-advisory, x_refsource_REDHAT | |
https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHBA-2019:0028 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:38:12.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3780-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3780-1/", }, { name: "RHSA-2018:2882", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2882", }, { name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", }, { name: "RHBA-2019:0028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "haproxy", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "1.8.14", }, ], }, ], datePublic: "2018-09-20T00:00:00", descriptions: [ { lang: "en", value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. 
An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-23T07:06:04", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-3780-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3780-1/", }, { name: "RHSA-2018:2882", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2882", }, { name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", }, { name: "RHBA-2019:0028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0028", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-14645", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "haproxy", version: { version_data: [ { version_value: "1.8.14", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. 
An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.", }, ], }, impact: { cvss: [ [ { vectorString: "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "USN-3780-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3780-1/", }, { name: "RHSA-2018:2882", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2882", }, { name: "[haproxy] 20180920 [ANNOUNCE] haproxy-1.8.14 - Security Update", refsource: "MLIST", url: "https://www.mail-archive.com/haproxy@formilux.org/msg31253.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645", }, { name: "RHBA-2019:0028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0028", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-14645", datePublished: "2018-09-21T13:00:00", dateReserved: "2018-07-27T00:00:00", dateUpdated: "2024-08-05T09:38:12.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4561
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1029652 | x_refsource_MISC | |
https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
n/a | openshift-origin-msg-node-mcollective | Version: openshift-origin-msg-node-mcollective as shipped with Red Hat OpenShift Online and OpenShift Enterprise 1.x. | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:15.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift-origin-msg-node-mcollective", vendor: "n/a", versions: [ { status: "affected", version: "openshift-origin-msg-node-mcollective as shipped with Red Hat OpenShift Online and OpenShift Enterprise 1.x.", }, ], }, ], descriptions: [ { lang: "en", value: "In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-377", description: "CWE-377", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-30T18:40:58", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1029652", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/openshift/origin-server/commit/f1abe972794e35a4bfba597694ce829990f14d39", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4561", datePublished: "2022-06-30T18:40:58", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:15.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5409
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1366461 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97988 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:01:00.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", }, { name: "97988", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97988", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-12T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-26T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1366461", }, { name: "97988", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97988", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-5409", datePublished: "2017-04-20T17:00:00", dateReserved: "2016-06-10T00:00:00", dateUpdated: "2024-08-06T01:01:00.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29894
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/6493729 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/207320 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
IBM | Cloud Pak for Security | Version: 1.7.0.0 Version: 1.7.1.0 Version: 1.7.2.0 Version: 1.8.0.0 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202129894-info-disc (207320)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cloud Pak for Security", vendor: "IBM", versions: [ { status: "affected", version: "1.7.0.0", }, { status: "affected", version: "1.7.1.0", }, { status: "affected", version: "1.7.2.0", }, { status: "affected", version: "1.8.0.0", }, ], }, ], datePublic: "2021-09-29T00:00:00", descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 207320.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:H/PR:N/AC:H/I:N/A:N/S:U/UI:N/AV:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-30T16:20:18", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202129894-info-disc (207320)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-09-29T00:00:00", ID: "CVE-2021-29894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cloud Pak for Security", version: { version_data: [ { version_value: "1.7.0.0", }, { version_value: "1.7.1.0", }, { version_value: "1.7.2.0", }, { version_value: "1.8.0.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 207320.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6493729", refsource: "CONFIRM", title: "IBM Security Bulletin 6493729 (Cloud Pak for Security)", url: "https://www.ibm.com/support/pages/node/6493729", }, { name: "ibm-cp4s-cve202129894-info-disc (207320)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207320", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29894", datePublished: "2021-09-30T16:20:18.227248Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T20:52:47.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41731
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/6890729 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/237402 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Watson Knowledge Catalog on-prem | Version: 4.5.0 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6890729", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Watson Knowledge Catalog on-prem", vendor: "IBM", versions: [ { status: "affected", version: "4.5.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.", }, ], value: "IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. 
IBM X-Force ID: 237402.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-12T01:45:42.615671Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6890729", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/237402", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Watson Knowledge Catalog on Cloud Pak SQL injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-41731", datePublished: "2023-02-06T20:09:15.879Z", dateReserved: "2022-09-28T17:18:53.375Z", dateUpdated: "2024-08-03T12:49:43.943Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4125
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2033121 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2021-4125 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2021-44228 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2021-45046 | x_refsource_MISC | |
https://github.com/kube-reporting/hive/pull/71 | x_refsource_MISC | |
https://github.com/kube-reporting/hive/pull/72 | x_refsource_MISC | |
https://github.com/kube-reporting/hive/pull/73 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
n/a | kube-reporting/hive | Version: Fixed in v4.8, v4.7 and v4.6 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:04.248Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-4125", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-44228", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-45046", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kube-reporting/hive/pull/71", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kube-reporting/hive/pull/72", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kube-reporting/hive/pull/73", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kube-reporting/hive", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in v4.8, v4.7 and v4.6", }, ], }, ], descriptions: [ { lang: "en", value: "It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. 
This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 - Improper Input Validation, CWE-502 - Deserialization of Untrusted Data, CWE-400 - Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-24T15:09:17", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033121", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2021-4125", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2021-44228", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2021-45046", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kube-reporting/hive/pull/71", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kube-reporting/hive/pull/72", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kube-reporting/hive/pull/73", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-4125", datePublished: "2022-08-24T15:09:17", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2024-08-03T17:16:04.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3884
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
Red Hat | atomic-openshift | Version: 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.666Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "atomic-openshift", vendor: "Red Hat", versions: [ { status: "affected", version: "3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-01T13:20:50", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-3884", datePublished: "2019-08-01T13:20:50", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-08-04T19:19:18.666Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5418
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:00:59.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", }, { name: "RHSA-2016:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1852", }, { name: "RHSA-2016:1853", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1853", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", }, { name: "RHSA-2016:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libarchive/libarchive/issues/746", }, { name: "RHSA-2016:1850", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html", }, { name: "GLSA-201701-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-03", }, { name: "93165", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93165", }, { name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/08/09/2", }, ], title: "CVE Program Container", }, ], cna: 
{ affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-09T00:00:00", descriptions: [ { lang: "en", value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-06-30T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", }, { name: "RHSA-2016:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1852", }, { name: "RHSA-2016:1853", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1853", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", }, { name: "RHSA-2016:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libarchive/libarchive/issues/746", }, { name: "RHSA-2016:1850", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html", }, { name: "GLSA-201701-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201701-03", }, { name: "93165", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93165", }, { 
name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/08/09/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-5418", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", }, { name: "RHSA-2016:1852", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1852", }, { name: "RHSA-2016:1853", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1853", }, { name: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", refsource: "CONFIRM", url: "https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9", }, { name: "RHSA-2016:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1844.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", }, { name: "https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", refsource: "MISC", url: 
"https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f", }, { name: "https://github.com/libarchive/libarchive/issues/746", refsource: "CONFIRM", url: "https://github.com/libarchive/libarchive/issues/746", }, { name: "RHSA-2016:1850", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1850.html", }, { name: "GLSA-201701-03", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-03", }, { name: "93165", refsource: "BID", url: "http://www.securityfocus.com/bid/93165", }, { name: "[oss-security] 20160809 FreeBSD update components vulns (libarchive, bsdiff, portsnap)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/08/09/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-5418", datePublished: "2016-09-21T14:00:00", dateReserved: "2016-06-10T00:00:00", dateUpdated: "2024-08-06T01:00:59.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7561
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/kubernetes/kubernetes/pull/18909 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/18909", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-15T00:00:00", descriptions: [ { lang: "en", value: "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/kubernetes/pull/18909", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1291963", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7561", datePublished: "2017-08-07T17:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7528
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/openshift/origin/pull/6113 | x_refsource_CONFIRM | |
https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-2615.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2015:2544 | vendor-advisory, x_refsource_REDHAT | |
https://github.com/kubernetes/kubernetes/pull/17886 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.486Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin/pull/6113", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5", }, { name: "RHSA-2015:2615", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html", }, { name: "RHSA-2015:2544", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2015:2544", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/17886", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-10T00:00:00", descriptions: [ { lang: "en", value: "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-04-11T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin/pull/6113", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5", }, { name: "RHSA-2015:2615", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2615.html", }, { name: "RHSA-2015:2544", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2015:2544", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/kubernetes/pull/17886", }, ], 
}, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7528", datePublished: "2016-04-11T21:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0196
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2013-0196 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
OpenShift | OpenShift Enterprise | 1.2 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2013-0196", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift Enterprise", vendor: "OpenShift", versions: [ { status: "affected", version: "1.2", }, ], }, ], descriptions: [ { lang: "en", value: "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Request Forgery ", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-30T21:17:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2013-0196", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0196", datePublished: "2019-12-30T21:17:02", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0164
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
https://github.com/openshift/origin-server/pull/1136 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=893307 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2", }, { name: "RHSA-2013:0220", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/pull/1136", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-02-24T22:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2", }, { name: "RHSA-2013:0220", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/pull/1136", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=893307", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0164", datePublished: 
"2013-02-24T22:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-08-06T14:18:09.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43922
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/6857807 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/241583 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | App Connect Enterprise Certified Container | 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6857807", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "App Connect Enterprise Certified Container", vendor: "IBM", versions: [ { status: "affected", version: "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.", }, ], value: "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. 
IBM X-Force ID: 241583.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "328 Reversible One-Way Hash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-01T17:32:29.171Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6857807", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583", }, ], source: { discovery: "UNKNOWN", }, title: "IBM App Connect Enterprise Certified Container information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43922", datePublished: "2023-02-01T17:32:29.171Z", dateReserved: "2022-10-26T15:46:22.848Z", dateUpdated: "2024-08-03T13:40:06.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3664
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1147765 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/96973 | vdb-entry, x_refsource_XF | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", }, { name: "jenkins-cve20143664-dir-traversal(96973)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-01T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147765", }, { name: "jenkins-cve20143664-dir-traversal(96973)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96973", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: 
"53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3664", datePublished: "2014-10-15T14:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35900
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/7010895 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Robotic Process Automation | 21.0.0 through 21.0.7.4; 23.0.0 through 23.0.5 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:39.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7010895", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35900", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T14:07:44.408091Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T14:09:24.300Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.4", status: "affected", version: "21.0.0", versionType: "semver", }, { lessThanOrEqual: "23.0.5", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.", }, ], value: "IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. 
IBM X-Force ID: 259368.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T00:58:53.912Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7010895", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259368", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-35900", datePublished: "2023-07-19T00:58:53.912Z", dateReserved: "2023-06-20T02:24:31.593Z", dateUpdated: "2024-10-21T14:09:24.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35901
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/7012317 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Robotic Process Automation | 21.0.0 through 21.0.7.6; 23.0.0 through 23.0.6 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:40.055Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7012317", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35901", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T13:51:19.557944Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T13:58:28.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.6", status: "affected", version: "21.0.0", versionType: "semver", }, { lessThanOrEqual: "23.0.6", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.", }, ], value: "IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. 
IBM X-Force ID: 259380.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287 Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-16T23:31:39.325Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7012317", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/259380", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation security bypass", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-35901", datePublished: "2023-07-16T23:31:39.325Z", dateReserved: "2023-06-20T02:24:31.593Z", dateUpdated: "2024-10-22T13:58:28.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7501
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.224Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0040", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html", }, { name: "RHSA-2015:2670", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html", }, { name: "RHSA-2015:2501", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html", }, { name: "RHSA-2015:2517", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html", }, { name: "78215", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/78215", }, { name: "1034097", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1034097", }, { name: "RHSA-2015:2671", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html", }, { name: "1037052", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1037052", }, { name: "1037640", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1037640", }, { name: "RHSA-2015:2522", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html", }, { name: "RHSA-2015:2521", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html", }, { name: "RHSA-2015:2516", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html", }, { name: "RHSA-2015:2500", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html", }, { name: "RHSA-2015:2514", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html", }, { name: "RHSA-2015:2502", tags: [ "vendor-advisory", 
"x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html", }, { name: "RHSA-2015:2536", tags: [ "vendor-advisory", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "RHSA-2015:2524", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html", }, { name: "1037053", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1037053", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/solutions/2045023", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/2059393", }, { tags: [ "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240216-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-06T00:00:00", descriptions: [ { lang: "en", value: "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network 
(JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-16T13:06:08.221728", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0040", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0040.html", }, { name: "RHSA-2015:2670", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2670.html", }, { name: "RHSA-2015:2501", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2501.html", }, { name: "RHSA-2015:2517", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2517.html", }, { name: "78215", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/78215", }, { name: "1034097", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1034097", }, { name: "RHSA-2015:2671", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2671.html", }, { name: "1037052", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1037052", }, { name: "1037640", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1037640", }, { name: "RHSA-2015:2522", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2522.html", }, { name: "RHSA-2015:2521", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2521.html", }, { name: "RHSA-2015:2516", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2516.html", }, { name: "RHSA-2015:2500", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2500.html", }, { name: "RHSA-2015:2514", 
tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2514.html", }, { name: "RHSA-2015:2502", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2502.html", }, { name: "RHSA-2015:2536", tags: [ "vendor-advisory", ], url: "https://rhn.redhat.com/errata/RHSA-2015-2536.html", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "RHSA-2015:2524", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2524.html", }, { name: "1037053", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1037053", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1279330", }, { url: "https://access.redhat.com/solutions/2045023", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { url: "https://access.redhat.com/security/vulnerabilities/2059393", }, { url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://security.netapp.com/advisory/ntap-20240216-0010/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7501", datePublished: "2017-11-09T00:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.224Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0163
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2014-0163 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:38.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2014-0163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Openshift", vendor: "Openshift", versions: [ { status: "affected", version: "through 2014-04-03", }, ], }, ], descriptions: [ { lang: "en", value: "Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.", }, ], problemTypes: [ { descriptions: [ { description: "Multiple shell command injection flaws", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-11T15:33:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0163", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2014-0163", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0163", datePublished: "2019-12-11T15:33:33", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:38.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0791
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2016:0711 | vendor-advisory, x_refsource_REDHAT |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.037Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-25T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0791", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: 
"n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0791", datePublished: "2016-04-07T23:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2103
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103 | x_refsource_MISC |
https://access.redhat.com/security/cve/cve-2013-2103 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
OpenShift cartridge | OpenShift cartridge | through 2013-05-17 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:40.659Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2013-2103", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift cartridge", vendor: "OpenShift cartridge", versions: [ { status: "affected", version: "through 2013-05-17", }, ], }, ], descriptions: [ { lang: "en", value: "OpenShift cartridge allows remote URL retrieval", }, ], problemTypes: [ { descriptions: [ { description: "remote URL retrieval", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-03T13:11:05", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2103", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2013-2103", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2103", datePublished: "2019-12-03T13:11:05", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:27:40.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2119
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=892813 | x_refsource_CONFIRM |
http://rhn.redhat.com/errata/RHSA-2013-1136.html | vendor-advisory, x_refsource_REDHAT |
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | x_refsource_CONFIRM |
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:40.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-05-29T00:00:00", descriptions: [ { lang: "en", value: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-02T20:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, ], }, }, cveMetadata: { assignerOrgId: 
"53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2119", datePublished: "2014-01-02T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:27:40.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38733
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7028223 | vendor-advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 | vdb-entry |
Vendor | Product | Version |
---|---|---|
IBM | Robotic Process Automation | 21.0.0 through 21.0.7.1; 23.0.0 through 23.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7028223", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38733", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T15:13:36.389729Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T15:53:45.988Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.1", status: "affected", version: "21.0.0", versionType: "semver", }, { lessThanOrEqual: "23.0.1", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. 
IBM X-Force Id: 262293.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T21:54:14.033Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7028223", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262293", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38733", datePublished: "2023-08-22T21:54:14.033Z", dateReserved: "2023-07-25T00:01:17.449Z", dateUpdated: "2024-10-01T15:53:45.988Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0175
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://security-tracker.debian.org/tracker/CVE-2014-0175 | x_refsource_MISC |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 | x_refsource_MISC |
https://access.redhat.com/security/cve/cve-2014-0175 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
mcollective | mcollective | 2.6.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2014-0175", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2014-0175", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "mcollective", vendor: "mcollective", versions: [ { status: "affected", version: "2.6.0", }, ], }, ], descriptions: [ { lang: "en", value: "mcollective has a default password set at install", }, ], problemTypes: [ { descriptions: [ { description: "password set at install", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-13T12:40:38", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2014-0175", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2014-0175", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0175", datePublished: "2019-12-13T12:40:38", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5322
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: 
"n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5322", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.367Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38734
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/7028227 | vendor-advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 | vdb-entry |
Vendor | Product | Version |
---|---|---|
IBM | Robotic Process Automation | 21.0.0 through 21.0.7.1; 23.0.0 through 23.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.808Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7028227", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "robotic_process_automation", vendor: "ibm", versions: [ { lessThanOrEqual: "21.0.7.1", status: "affected", version: "21.0.0", versionType: "semver", }, { lessThanOrEqual: "23.0.1", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-38734", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T13:26:45.892668Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T13:28:27.675Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.1", status: "affected", version: "21.0.0", versionType: "semver", }, { lessThanOrEqual: "23.0.1", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. 
IBM X-Force ID: 262481.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "266 Incorrect Privilege Assignment", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T21:18:08.392Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7028227", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262481", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation privilege escalation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38734", datePublished: "2023-08-22T21:18:08.392Z", dateReserved: "2023-07-25T00:01:17.449Z", dateUpdated: "2024-10-03T13:28:27.675Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5274
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-1808.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2015:1808", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-16T00:00:00", descriptions: [ { lang: "en", value: "rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-09-18T13:57:03", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2015:1808", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1808.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5274", datePublished: "2015-09-18T14:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7517
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
n/a | Hawkular Metrics | Hawkular Metrics as shipped in Red Hat Openshift 3.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:04:11.756Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2017-7517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Hawkular Metrics", vendor: "n/a", versions: [ { status: "affected", version: "Hawkular Metrics as shipped in Red Hat Openshift 3.x", }, ], }, ], descriptions: [ { lang: "en", value: "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1470414", }, { url: "https://access.redhat.com/security/cve/CVE-2017-7517", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-7517", datePublished: "2022-10-17T00:00:00", dateReserved: "2017-04-05T00:00:00", dateUpdated: "2024-08-05T16:04:11.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5622
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=883227 | x_refsource_MISC |
http://rhn.redhat.com/errata/RHSA-2012-1555.html | vendor-advisory, x_refsource_REDHAT |
http://osvdb.org/88333 | vdb-entry, x_refsource_OSVDB |
https://github.com/openshift/origin-server/pull/1009 | x_refsource_CONFIRM |
https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:16.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227", }, { name: "RHSA-2012:1555", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html", }, { name: "88333", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/88333", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/pull/1009", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-12-18T01:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=883227", }, { name: "RHSA-2012:1555", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1555.html", }, { name: "88333", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/88333", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/pull/1009", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/openshift/origin-server/commit/1ad0d1d792395306b59a34ad7b6e7e89a35d041e", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5622", datePublished: "2012-12-18T01:00:00Z", dateReserved: "2012-10-24T00:00:00Z", dateUpdated: "2024-08-06T21:14:16.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0164
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-0461.html | vendor-advisory, x_refsource_REDHAT |
http://rhn.redhat.com/errata/RHSA-2014-0460.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html", }, { name: "RHSA-2014:0460", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-01T00:00:00", descriptions: [ { lang: "en", value: "openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-05-05T16:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2014:0461", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0461.html", }, { name: "RHSA-2014:0460", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0460.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0164", datePublished: "2014-05-05T17:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.151Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0788
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2016:0711 | vendor-advisory, x_refsource_REDHAT |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-25T00:00:00", descriptions: [ { lang: "en", value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0788", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: 
"4.0", description: { description_data: [ { lang: "eng", value: "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0788", datePublished: "2016-04-07T23:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:04.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38732
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/7028221 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/262289 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation |
Version: 21.0.0 ≤ 21.0.7 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7028221", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38732", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T15:20:15.941301Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T16:03:30.784Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7", status: "affected", version: "21.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. 
IBM X-Force ID: 262289.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T13:13:42.214Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7028221", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262289", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38732", datePublished: "2023-08-22T13:13:42.214Z", dateReserved: "2023-07-25T00:01:06.101Z", dateUpdated: "2024-10-01T16:03:30.784Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2186
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:40.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html", }, { name: "RHSA-2013:1429", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { name: "apache-commons-cve20132186-file-overrwite(88133)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133", }, { name: "openSUSE-SU-2013:1571", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { name: "55716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55716", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { name: "openSUSE-SU-2013:1596", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html", }, { name: "SUSE-SU-2013:1660", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html", }, { name: "RHSA-2013:1428", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html", }, { name: "DSA-2827", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], 
url: "http://www.debian.org/security/2013/dsa-2827", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { name: "RHSA-2013:1442", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html", }, { name: "RHSA-2013:1448", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1448.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2016-23", }, { name: "63174", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/63174", }, { name: "USN-2029-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-2029-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-15T00:00:00", descriptions: [ { lang: "en", value: "The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-08T21:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:1430", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1430.html", }, { name: "RHSA-2013:1429", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1429.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { name: "apache-commons-cve20132186-file-overrwite(88133)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/88133", }, { name: "openSUSE-SU-2013:1571", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { name: "55716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55716", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { name: "openSUSE-SU-2013:1596", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html", }, { name: "SUSE-SU-2013:1660", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html", }, { name: "RHSA-2013:1428", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1428.html", }, { name: "DSA-2827", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2827", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { name: "RHSA-2013:1442", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1442.html", }, { name: "RHSA-2013:1448", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://rhn.redhat.com/errata/RHSA-2013-1448.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2016-23", }, { name: "63174", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/63174", }, { name: "USN-2029-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-2029-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2186", datePublished: "2013-10-28T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:27:40.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-2611
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://jenkins.io/security/advisory/2017-02-01/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95956 | vdb-entry, x_refsource_BID | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611 | x_refsource_CONFIRM | |
https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | jenkins |
Version: jenkins 2.44 Version: jenkins 2.32.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:02:06.500Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://jenkins.io/security/advisory/2017-02-01/", }, { name: "95956", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95956", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jenkins", vendor: "unspecified", versions: [ { status: "affected", version: "jenkins 2.44", }, { status: "affected", version: " jenkins 2.32.2", }, ], }, ], datePublic: "2017-02-01T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). 
The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-358", description: "CWE-358", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-09T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://jenkins.io/security/advisory/2017-02-01/", }, { name: "95956", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95956", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2017-2611", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "jenkins", version: { version_data: [ { version_value: "jenkins 2.44", }, { version_value: " jenkins 2.32.2", }, ], }, }, ], }, vendor_name: "", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). 
The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents.", }, ], }, impact: { cvss: [ [ { vectorString: "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-358", }, ], }, ], }, references: { reference_data: [ { name: "https://jenkins.io/security/advisory/2017-02-01/", refsource: "CONFIRM", url: "https://jenkins.io/security/advisory/2017-02-01/", }, { name: "95956", refsource: "BID", url: "http://www.securityfocus.com/bid/95956", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", }, { name: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", refsource: "CONFIRM", url: "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-2611", datePublished: "2018-05-08T18:00:00", dateReserved: "2016-12-01T00:00:00", dateUpdated: "2024-08-05T14:02:06.500Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5766
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:15:09.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.php.net/bug.php?id=72339", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://libgd.github.io/release-2.2.3.html", }, { name: "openSUSE-SU-2016:1761", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html", }, { name: "openSUSE-SU-2016:1922", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "RHSA-2016:2598", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://php.net/ChangeLog-5.php", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", }, { name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/4", }, { name: "GLSA-201612-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201612-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://php.net/ChangeLog-7.php", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", }, { name: "DSA-3619", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: 
"http://www.debian.org/security/2016/dsa-3619", }, { name: "SUSE-SU-2016:2013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html", }, { name: "USN-3030-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3030-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-23T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.php.net/bug.php?id=72339", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://libgd.github.io/release-2.2.3.html", }, { name: "openSUSE-SU-2016:1761", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html", }, { name: "openSUSE-SU-2016:1922", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", }, { name: "RHSA-2016:2750", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "RHSA-2016:2598", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "http://php.net/ChangeLog-5.php", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", }, { name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/06/23/4", }, { name: "GLSA-201612-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201612-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://php.net/ChangeLog-7.php", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", }, { name: "DSA-3619", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3619", }, { name: "SUSE-SU-2016:2013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html", }, { name: "USN-3030-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3030-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5766", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", }, ], }, problemtype: { problemtype_data: [ { description: [ { 
lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.php.net/bug.php?id=72339", refsource: "CONFIRM", url: "https://bugs.php.net/bug.php?id=72339", }, { name: "https://libgd.github.io/release-2.2.3.html", refsource: "CONFIRM", url: "https://libgd.github.io/release-2.2.3.html", }, { name: "openSUSE-SU-2016:1761", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html", }, { name: "openSUSE-SU-2016:1922", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html", }, { name: "RHSA-2016:2750", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2750.html", }, { name: "RHSA-2016:2598", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2598.html", }, { name: "http://php.net/ChangeLog-5.php", refsource: "CONFIRM", url: "http://php.net/ChangeLog-5.php", }, { name: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", refsource: "CONFIRM", url: "http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1", }, { name: "[oss-security] 20160623 Re: CVE for PHP 5.5.37 issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/06/23/4", }, { name: "GLSA-201612-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201612-09", }, { name: "http://php.net/ChangeLog-7.php", refsource: "CONFIRM", url: "http://php.net/ChangeLog-7.php", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", }, { name: "DSA-3619", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3619", }, { name: "SUSE-SU-2016:2013", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html", }, { name: "USN-3030-1", refsource: "UBUNTU", url: 
"http://www.ubuntu.com/usn/USN-3030-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5766", datePublished: "2016-08-07T10:00:00", dateReserved: "2016-06-23T00:00:00", dateUpdated: "2024-08-06T01:15:09.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22592
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.ibm.com/support/pages/node/6855839 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation for Cloud Pak |
Version: 21.0.1 < 21.0.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:13:49.005Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6855839", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation for Cloud Pak", vendor: "IBM", versions: [ { lessThan: "21.0.4", status: "affected", version: "21.0.1", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. 
IBM X-Force ID: 244073.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "280 Improper Handling of Insufficient Permissions or Privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-18T18:33:47.025Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6855839", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244073", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation for Cloud Pak insufficient permission settings", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22592", datePublished: "2023-01-18T18:33:47.025Z", dateReserved: "2023-01-03T19:19:41.133Z", dateUpdated: "2024-08-02T10:13:49.005Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5646
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=888518 | x_refsource_MISC | |
https://github.com/openshift/origin-server/pull/1017 | x_refsource_CONFIRM | |
http://www.osvdb.org/89431 | vdb-entry, x_refsource_OSVDB | |
http://rhn.redhat.com/errata/RHSA-2013-0148.html | vendor-advisory, x_refsource_REDHAT | |
https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57189 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:16.329Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/pull/1017", }, { name: "89431", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/89431", }, { name: "RHSA-2013:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { name: "57189", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/57189", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-02-24T21:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=888518", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/pull/1017", }, { name: "89431", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/89431", }, { name: "RHSA-2013:0148", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0148.html", }, { tags: 
[ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", }, { name: "57189", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/57189", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5646", datePublished: "2013-02-24T21:00:00Z", dateReserved: "2012-10-24T00:00:00Z", dateUpdated: "2024-08-06T21:14:16.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3738
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1094 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-19T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3738", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3681
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/96975 | vdb-entry, x_refsource_XF | |
https://bugzilla.redhat.com/show_bug.cgi?id=1147766 | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.261Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "jenkins-cve20143681-xss(96975)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-01T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "jenkins-cve20143681-xss(96975)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/96975", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1147766", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", 
assignerShortName: "redhat", cveId: "CVE-2014-3681", datePublished: "2014-10-15T14:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.261Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4239
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10886591 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/159465 | vdb-entry, x_refsource_XF |
Vendor | Product | Version |
---|---|---|
IBM | MQ Advanced Cloud Pak (IBM Cloud Private) | Version: 1.0.0 Version: 1.1.0 Version: 1.2.0 Version: 1.3.0 Version: 2.0.0 Version: 2.1.0 Version: 2.2.0 Version: 2.2.1 Version: 2.2.2 Version: 2.2.3 Version: 3.0.0 Version: 3.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.768Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", }, { name: "ibm-mq-cve20194239-info-disc (159465)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MQ Advanced Cloud Pak (IBM Cloud Private)", vendor: "IBM", versions: [ { status: "affected", version: "1.0.0", }, { status: "affected", version: "1.1.0", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.3.0", }, { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, ], }, { product: "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)", vendor: "IBM", versions: [ { status: "affected", version: "1.0.0", }, { status: "affected", version: "1.1.0", }, { status: "affected", version: "1.2.0", }, { status: "affected", version: "1.3.0", }, { status: "affected", version: "2.0.0", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.2.0", }, { status: "affected", version: "2.2.1", }, { status: "affected", version: "2.2.2", }, { status: "affected", version: "2.2.3", }, { status: "affected", version: "3.0.0", }, { status: "affected", version: "3.0.1", }, ], }, ], datePublic: "2019-06-07T00:00:00", descriptions: [ { lang: "en", value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. 
IBM X-Force ID: 159465.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:N/A:N/S:U/AV:L/I:N/AC:L/UI:N/C:H/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-14T14:45:17", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", }, { name: "ibm-mq-cve20194239-info-disc (159465)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-07T00:00:00", ID: "CVE-2019-4239", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MQ Advanced Cloud Pak (IBM Cloud Private)", version: { version_data: [ { version_value: "1.0.0", }, { version_value: "1.1.0", }, { version_value: "1.2.0", }, { version_value: "1.3.0", }, { version_value: "2.0.0", }, { version_value: "2.1.0", }, { version_value: "2.2.0", }, { version_value: "2.2.1", }, { version_value: "2.2.2", }, { version_value: "2.2.3", }, { version_value: "3.0.0", }, { version_value: "3.0.1", }, ], }, }, { product_name: "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)", version: { version_data: [ { version_value: "1.0.0", }, { version_value: "1.1.0", }, { version_value: "1.2.0", }, { version_value: "1.3.0", }, { version_value: "2.0.0", }, { version_value: "2.1.0", }, 
{ version_value: "2.2.0", }, { version_value: "2.2.1", }, { version_value: "2.2.2", }, { version_value: "2.2.3", }, { version_value: "3.0.0", }, { version_value: "3.0.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", refsource: "CONFIRM", title: "IBM Security Bulletin 886591 (Application Integration and Connectivity)", url: "https://www.ibm.com/support/docview.wss?uid=ibm10886591", }, { name: "ibm-mq-cve20194239-info-disc (159465)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4239", datePublished: "2019-06-14T14:45:18.008806Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:18:34.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3602
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-1906.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-1796.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:1906", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { name: "RHSA-2014:1796", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-03T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-12-01T15:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2014:1906", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { name: "RHSA-2014:1796", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3602", datePublished: "2014-11-13T15:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3680
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3680", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22863
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6855837 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 | vdb-entry |
Vendor | Product | Version |
---|---|---|
IBM | Robotic Process Automation | Version: 20.12.0 ≤ version < 21.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6855837", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThan: "21.0.2", status: "affected", version: "20.12.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.", }, ], value: "IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. 
IBM X-Force ID: 244109.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319 Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-18T18:46:54.882Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6855837", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244109", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22863", datePublished: "2023-01-18T18:46:54.882Z", dateReserved: "2023-01-09T15:16:41.369Z", dateUpdated: "2024-08-02T10:20:31.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1814
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205616 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-23T00:00:00", descriptions: [ { lang: "en", value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1814", STATE: 
"PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a \"forced API token change\" involving anonymous users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205616", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1814", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.310Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3695
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1991685 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202209-12 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220930-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:08.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grub2", vendor: "n/a", versions: [ { status: "affected", version: "grub-2.06", }, ], }, ], descriptions: [ { lang: "en", value: "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. 
This flaw affects grub2 versions prior grub-2.12.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-30T15:06:18", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3695", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grub2", version: { version_data: [ { version_value: "grub-2.06", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. 
This flaw affects grub2 versions prior grub-2.12.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", }, { name: "GLSA-202209-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-12", }, { name: "https://security.netapp.com/advisory/ntap-20220930-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3695", datePublished: "2022-07-06T15:06:38", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-03T17:01:08.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3725
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.459Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. 
NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-3725", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. 
NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3725", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7538
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-09T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-7538", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", 
description: { description_data: [ { lang: "eng", value: "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7538", datePublished: "2016-02-03T15:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.455Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3496
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/59298 | third-party-advisory, x_refsource_SECUNIA | |
https://github.com/openshift/origin-server/pull/5521 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-0764.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-0762.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-0763.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1110470 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:43:06.098Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "59298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59298", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin-server/pull/5521", }, { name: "RHSA-2014:0764", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html", }, { name: "RHSA-2014:0762", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html", }, { name: "RHSA-2014:0763", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-06-18T00:00:00", descriptions: [ { lang: "en", value: "cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-05T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "59298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59298", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin-server/pull/5521", }, { name: 
"RHSA-2014:0764", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0764.html", }, { name: "RHSA-2014:0762", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0762.html", }, { name: "RHSA-2014:0763", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0763.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110470", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3496", datePublished: "2014-06-20T14:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:43:06.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0188
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-0422.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1090120 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-0423.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:0422", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120", }, { name: "RHSA-2014:0423", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-04-23T00:00:00", descriptions: [ { lang: "en", value: "The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-04-24T11:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2014:0422", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0422.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1090120", }, { name: "RHSA-2014:0423", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0423.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0188", datePublished: "2014-04-24T14:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: 
"2024-08-06T09:05:39.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35514
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1914714 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
n/a | openshift/machine-config-operator | Version: Unspecified | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/machine-config-operator", vendor: "n/a", versions: [ { status: "affected", version: "Unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-02T13:22:12", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1914714", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35514", datePublished: "2021-06-02T13:22:12", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0790
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0711 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.130Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-25T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0790", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0790", datePublished: "2016-04-07T23:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.130Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0163
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2013-0163 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
OpenShift haproxy cartridge | OpenShift haproxy cartridge | Version: through 2013-01-08 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2013-0163", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift haproxy cartridge", vendor: "OpenShift haproxy cartridge", versions: [ { status: "affected", version: "through 2013-01-08", }, ], }, ], descriptions: [ { lang: "en", value: "OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS", }, ], problemTypes: [ { descriptions: [ { description: "predictable /tmp in set-proxy connection hook", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-05T14:57:36", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2013-0163", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0163", datePublished: "2019-12-05T14:57:36", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3674
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-1906.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-1796.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:1906", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { name: "RHSA-2014:1796", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-03T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-12-01T15:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2014:1906", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1906.html", }, { name: "RHSA-2014:1796", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1796.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3674", datePublished: "2014-11-13T15:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1102
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:1235 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1241 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1233 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:0036 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1237 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1227 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1243 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1231 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1562246 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:1229 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1239 | vendor-advisory, x_refsource_REDHAT |
Vendor | Product | Version | |
---|---|---|---|
Red Hat, Inc. | atomic-openshift | Version: as shipped with Openshift Enterprise 3.x | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:51:49.044Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:1235", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1235", }, { name: "RHSA-2018:1241", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1241", }, { name: "RHSA-2018:1233", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1233", }, { name: "RHSA-2019:0036", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0036", }, { name: "RHSA-2018:1237", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1237", }, { name: "RHSA-2018:1227", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1227", }, { name: "RHSA-2018:1243", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1243", }, { name: "RHSA-2018:1231", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1231", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246", }, { name: "RHSA-2018:1229", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1229", }, { name: "RHSA-2018:1239", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1239", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "atomic-openshift", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "as shipped with 
Openshift Enterprise 3.x", }, ], }, ], datePublic: "2018-03-29T00:00:00", descriptions: [ { lang: "en", value: "A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-09T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2018:1235", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1235", }, { name: "RHSA-2018:1241", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1241", }, { name: "RHSA-2018:1233", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1233", }, { name: "RHSA-2019:0036", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0036", }, { name: "RHSA-2018:1237", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1237", }, { name: "RHSA-2018:1227", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1227", }, { name: "RHSA-2018:1243", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1243", }, { name: "RHSA-2018:1231", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1231", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1562246", }, { name: "RHSA-2018:1229", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1229", }, { name: "RHSA-2018:1239", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2018:1239", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-1102", datePublished: "2018-04-30T19:00:00Z", dateReserved: "2017-12-04T00:00:00", dateUpdated: "2024-08-05T03:51:49.044Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3696
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1991686 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202209-12 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220930-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:08.303Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grub2", vendor: "n/a", versions: [ { status: "affected", version: "grub-2.06", }, ], }, ], descriptions: [ { lang: "en", value: "A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. 
This flaw affects grub2 versions prior grub-2.12.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-30T15:06:17", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3696", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grub2", version: { version_data: [ { version_value: "grub-2.06", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. 
This flaw affects grub2 versions prior grub-2.12.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", }, { name: "GLSA-202209-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-12", }, { name: "https://security.netapp.com/advisory/ntap-20220930-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3696", datePublished: "2022-07-06T15:06:43", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-03T17:01:08.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2074
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://openvswitch.org/pipermail/announce/2016-March/000082.html | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2016-0537.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-0524.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1318553 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3533 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2016:0615 | vendor-advisory, x_refsource_REDHAT | |
https://security-tracker.debian.org/tracker/CVE-2016-2074 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201701-07 | vendor-advisory, x_refsource_GENTOO | |
https://support.citrix.com/article/CTX232655 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2016-0523.html | vendor-advisory, x_refsource_REDHAT | |
http://openvswitch.org/pipermail/announce/2016-March/000083.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/85700 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.458Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html", }, { name: "RHSA-2016:0537", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html", }, { name: "RHSA-2016:0524", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { name: "DSA-3533", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3533", }, { name: "RHSA-2016:0615", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0615", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-2074", }, { name: "GLSA-201701-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201701-07", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX232655", }, { name: "RHSA-2016:0523", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html", }, { name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html", }, { name: "85700", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: 
"http://www.securityfocus.com/bid/85700", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-28T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-22T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html", }, { name: "RHSA-2016:0537", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html", }, { name: "RHSA-2016:0524", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { name: "DSA-3533", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3533", }, { name: "RHSA-2016:0615", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0615", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-2074", }, { name: "GLSA-201701-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201701-07", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX232655", }, { name: "RHSA-2016:0523", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html", }, { name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html", }, { name: "85700", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/85700", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2074", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", refsource: "MLIST", url: "http://openvswitch.org/pipermail/announce/2016-March/000082.html", }, { name: "RHSA-2016:0537", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0537.html", }, { name: "RHSA-2016:0524", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0524.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { name: "DSA-3533", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3533", }, { name: "RHSA-2016:0615", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0615", }, { name: 
"https://security-tracker.debian.org/tracker/CVE-2016-2074", refsource: "CONFIRM", url: "https://security-tracker.debian.org/tracker/CVE-2016-2074", }, { name: "GLSA-201701-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201701-07", }, { name: "https://support.citrix.com/article/CTX232655", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX232655", }, { name: "RHSA-2016:0523", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0523.html", }, { name: "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available", refsource: "MLIST", url: "http://openvswitch.org/pipermail/announce/2016-March/000083.html", }, { name: "85700", refsource: "BID", url: "http://www.securityfocus.com/bid/85700", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2074", datePublished: "2016-07-03T21:00:00", dateReserved: "2016-01-26T00:00:00", dateUpdated: "2024-08-05T23:17:50.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3662
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T15:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3662", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0792
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.exploit-db.com/exploits/43375/ | exploit, x_refsource_EXPLOIT-DB | |
https://access.redhat.com/errata/RHSA-2016:0711 | vendor-advisory, x_refsource_REDHAT | |
https://www.exploit-db.com/exploits/42394/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream | x_refsource_MISC | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:05.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "43375", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43375/", }, { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "42394", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42394/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "43375", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43375/", }, { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { 
name: "42394", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42394/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0792", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "43375", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43375/", }, { name: "RHSA-2016:0711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "42394", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42394/", }, { name: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", refsource: "MISC", url: "https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: 
"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0792", datePublished: "2016-04-07T23:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:05.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2160
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/openshift/origin/pull/7864 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1064 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1316127 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.570Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openshift/origin/pull/7864", }, { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-12T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openshift/origin/pull/7864", }, { name: "RHSA-2016:1064", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1064", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1316127", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-2160", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-01-29T00:00:00", dateUpdated: "2024-08-05T23:17:50.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19335
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | openshift/installer |
Version: ose-installer as shipped in Openshift 4.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:46.713Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/installer", vendor: "Red Hat", versions: [ { status: "affected", version: "ose-installer as shipped in Openshift 4.2", }, ], }, ], descriptions: [ { lang: "en", value: "During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-18T15:45:41", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19335", datePublished: "2020-03-18T15:45:41", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:46.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3721
Vulnerability from cvelistv5
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2016-3721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-02T17:22:46.826118Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T19:04:06.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "ADP Container", }, { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.424Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { tags: [ "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "[oss-security] 20240502 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 2.3 and 
LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-02T14:06:01.733858", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { url: "https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "[oss-security] 20240502 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3721", datePublished: "2016-05-17T00:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5318
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5318", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, 
vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5318", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3260
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:07:05.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Openshift", vendor: "n/a", versions: [ { status: "affected", version: "4.9", }, ], }, ], descriptions: [ { lang: "en", value: "The response header has not enabled X-FRAME-OPTIONS, which helps protect against clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1021", description: "CWE-1021", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-08T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106780", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3260", datePublished: "2022-12-08T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T01:07:05.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1000229
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229 | x_refsource_MISC | |
http://www.securityfocus.com/bid/97580 | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2017:0868 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:55:27.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/97580", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "swagger-ui has XSS in key names", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-20T13:02:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/97580", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-1000229", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"swagger-ui has XSS in key names", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", refsource: "MISC", url: "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229", }, { name: "http://www.securityfocus.com/bid/97580", refsource: "MISC", url: "http://www.securityfocus.com/bid/97580", }, { name: "https://access.redhat.com/errata/RHSA-2017:0868", refsource: "MISC", url: "https://access.redhat.com/errata/RHSA-2017:0868", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-1000229", datePublished: "2019-12-20T13:02:44", dateReserved: "2016-09-20T00:00:00", dateUpdated: "2024-08-06T03:55:27.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-1869
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/zeroclipboard/zeroclipboard/pull/335 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91085 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/56821 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/65484 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM | |
https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2 | x_refsource_CONFIRM | |
https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:58:15.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/zeroclipboard/zeroclipboard/pull/335", }, { name: "zeroclipboard-cve20141869-xss(91085)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085", }, { name: "56821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/56821", }, { name: "65484", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/65484", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-01-31T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. 
Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/zeroclipboard/zeroclipboard/pull/335", }, { name: "zeroclipboard-cve20141869-xss(91085)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085", }, { name: "56821", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/56821", }, { name: "65484", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/65484", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-1869", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. 
Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/zeroclipboard/zeroclipboard/pull/335", refsource: "CONFIRM", url: "https://github.com/zeroclipboard/zeroclipboard/pull/335", }, { name: "zeroclipboard-cve20141869-xss(91085)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085", }, { name: "56821", refsource: "SECUNIA", url: "http://secunia.com/advisories/56821", }, { name: "65484", refsource: "BID", url: "http://www.securityfocus.com/bid/65484", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, { name: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", refsource: "CONFIRM", url: "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2", }, { name: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", refsource: "MISC", url: "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-1869", datePublished: "2014-02-08T00:00:00", dateReserved: "2014-02-06T00:00:00", dateUpdated: "2024-08-06T09:58:15.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3666
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3666", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1812
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1205615 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-23T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: 
"secalert@redhat.com", ID: "CVE-2015-1812", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205615", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1812", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7075
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/34517 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:2064 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:50:47.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/issues/34517", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", }, { name: "RHSA-2016:2064", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:2064", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift", vendor: "Red Hat", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-10T00:00:00", descriptions: [ { lang: "en", value: "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-11T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/kubernetes/issues/34517", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075", }, { name: "RHSA-2016:2064", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2016:2064", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-7075", datePublished: "2018-09-10T14:00:00", dateReserved: "2016-08-23T00:00:00", dateUpdated: "2024-08-06T01:50:47.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43844
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6852663 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239081 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation for Cloud Pak |
Version: 20.12 ≤ version < 21.0.3 (semver) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6852663", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation for Cloud Pak", vendor: "IBM", versions: [ { lessThan: "21.0.3", status: "affected", version: "20.12", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.", }, ], value: "IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. 
IBM X-Force ID: 239081.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613 Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-05T17:19:27.774Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6852663", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/239081", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation for Cloud Pak session fixation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-43844", datePublished: "2023-01-05T17:19:27.774Z", dateReserved: "2022-10-26T15:46:22.820Z", dateUpdated: "2024-08-03T13:40:06.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1709
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | [UNKNOWN] | openshift/mediawiki |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/mediawiki", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/mediawiki 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/mediawiki. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1709", datePublished: "2020-03-20T00:00:00", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5324
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-07T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5324", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", 
description: { description_data: [ { lang: "eng", value: "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5324", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5222
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2015:1650 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:07.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2015:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2015:1650", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-20T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-08-24T14:57:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2015:1650", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2015:1650", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5222", datePublished: "2015-08-24T14:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:07.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0165
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | OpenShift mongodb cartridge | OpenShift mongodb cartridge |
Version: before 3b74dd3d162a9a3b63a7ac4e1eaccea6b889e186 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift mongodb cartridge", vendor: "OpenShift mongodb cartridge", versions: [ { status: "affected", version: "before 3b74dd3d162a9a3b63a7ac4e1eaccea6b889e186", }, ], }, ], datePublic: "2014-06-24T00:00:00", descriptions: [ { lang: "en", value: "cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-01T18:12:44", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0165", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0165", datePublished: "2019-11-01T18:12:44", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4047
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2027881 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:03.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift", vendor: "n/a", versions: [ { status: "affected", version: "OpenShift 4.9", }, ], }, ], descriptions: [ { lang: "en", value: "The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-11T19:38:31", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2027881", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-4047", datePublished: "2022-04-11T19:38:31", dateReserved: "2021-12-02T00:00:00", dateUpdated: "2024-08-03T17:16:03.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-5123
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2013-5123 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123 | x_refsource_MISC | |
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123 | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/08/21/17 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/08/21/18 | x_refsource_MISC | |
http://www.securityfocus.com/bid/77520 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:06:50.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-5123", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/18", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/77520", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-18T00:00:00", descriptions: [ { lang: "en", value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-05T21:16:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2013-5123", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", }, { 
tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", }, { tags: [ "x_refsource_MISC", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", }, { tags: [ "x_refsource_MISC", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/17", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2013/08/21/18", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/77520", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-5123", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security-tracker.debian.org/tracker/CVE-2013-5123", refsource: "MISC", url: "https://security-tracker.debian.org/tracker/CVE-2013-5123", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123", }, { name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", refsource: "MISC", url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html", }, { name: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", refsource: "MISC", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html", }, { name: "http://www.openwall.com/lists/oss-security/2013/08/21/17", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2013/08/21/17", }, { name: "http://www.openwall.com/lists/oss-security/2013/08/21/18", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2013/08/21/18", }, { name: "http://www.securityfocus.com/bid/77520", refsource: "MISC", url: "http://www.securityfocus.com/bid/77520", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-5123", datePublished: "2019-11-05T21:16:59", dateReserved: "2013-08-15T00:00:00", dateUpdated: "2024-08-06T17:06:50.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0296
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Red Hat OpenShift |
Version: OpenShift 4.11 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:10:55.076Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Red Hat OpenShift", vendor: "n/a", versions: [ { status: "affected", version: "OpenShift 4.11", }, ], }, ], descriptions: [ { lang: "en", value: "The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161287", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-0296", datePublished: "2023-01-17T00:00:00", dateReserved: "2023-01-13T00:00:00", dateUpdated: "2024-08-02T05:10:55.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0023
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2014-0023 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:58:26.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2014-0023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift", vendor: "OpenShift", versions: [ { status: "affected", version: "through 2014-01-21", }, ], }, ], descriptions: [ { lang: "en", value: "OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution", }, ], problemTypes: [ { descriptions: [ { description: "install script has temporary file creation vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-15T14:40:12", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0023", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2014-0023", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0023", datePublished: "2019-11-15T14:40:12", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T08:58:26.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3727
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-3727", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3727", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0789
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0711 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:30:04.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-25T00:00:00", descriptions: [ { lang: "en", value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-0789", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, 
], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0711", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-0789", datePublished: "2016-04-07T23:00:00", dateReserved: "2015-12-16T00:00:00", dateUpdated: "2024-08-05T22:30:04.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19346
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | Openshift Enterprise | openshift/mariadb-apb |
Version: Fixed in 4.3.5-202003020549 Version: Fixed in 4.2.21-202002240343 Version: Fixed in 4.1.37-202003021622 Version: Fixed in 3.11.188-4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/mariadb-apb", vendor: "Openshift Enterprise", versions: [ { status: "affected", version: "Fixed in 4.3.5-202003020549", }, { status: "affected", version: "Fixed in 4.2.21-202002240343", }, { status: "affected", version: "Fixed in 4.1.37-202003021622", }, { status: "affected", version: "Fixed in 3.11.188-4", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-02T19:12:29", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-19346", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift/mariadb-apb", version: { 
version_data: [ { version_value: "Fixed in 4.3.5-202003020549", }, { version_value: "Fixed in 4.2.21-202002240343", }, { version_value: "Fixed in 4.1.37-202003021622", }, { version_value: "Fixed in 3.11.188-4", }, ], }, }, ], }, vendor_name: "Openshift Enterprise", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], }, impact: { cvss: [ [ { vectorString: "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-266", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19346", datePublished: "2020-04-02T19:12:29", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.011Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43058
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7047017 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation |
Version: 23.0.9 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:37:23.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7047017", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-43058", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T16:10:45.586299Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T16:10:55.953Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { status: "affected", version: "23.0.9", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.", }, ], value: "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. 
IBM X-Force ID: 247527.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "264 Permissions, Privileges, Access Controls", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-06T13:09:44.458Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7047017", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation privilege escalation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-43058", datePublished: "2023-10-06T13:09:44.458Z", dateReserved: "2023-09-15T01:12:39.148Z", dateUpdated: "2024-09-19T16:10:55.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-39013
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6529200 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213651 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cloud Pak for Security |
Version: 1.7.0.0 Version: 1.7.1.0 Version: 1.7.2.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:58:17.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6529200", }, { name: "ibm-cp4s-cve202139013-info-disc (213651)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cloud Pak for Security", vendor: "IBM", versions: [ { status: "affected", version: "1.7.0.0", }, { status: "affected", version: "1.7.1.0", }, { status: "affected", version: "1.7.2.0", }, ], }, ], datePublic: "2021-12-21T00:00:00", descriptions: [ { lang: "en", value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. 
IBM X-Force ID: 213651.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/S:U/AV:N/A:N/UI:N/AC:L/PR:L/I:N/C:L/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-22T16:50:09", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6529200", }, { name: "ibm-cp4s-cve202139013-info-disc (213651)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-12-21T00:00:00", ID: "CVE-2021-39013", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cloud Pak for Security", version: { version_data: [ { version_value: "1.7.0.0", }, { version_value: "1.7.1.0", }, { version_value: "1.7.2.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. 
IBM X-Force ID: 213651.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6529200", refsource: "CONFIRM", title: "IBM Security Bulletin 6529200 (Cloud Pak for Security)", url: "https://www.ibm.com/support/pages/node/6529200", }, { name: "ibm-cp4s-cve202139013-info-disc (213651)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/213651", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-39013", datePublished: "2021-12-22T16:50:09.950208Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-17T00:22:03.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22594
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6855835 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation for Cloud Pak |
Version: 20.12.0 ≤ version < 21.0.4 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:13:49.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6855835", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation for Cloud Pak", vendor: "IBM", versions: [ { lessThan: "21.0.4", status: "affected", version: "20.12.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.", }, ], value: "IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 244075.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-18T18:41:26.417Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6855835", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244075", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation for Cloud Pak cross-site scripting", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22594", datePublished: "2023-01-18T18:41:26.417Z", dateReserved: "2023-01-03T19:19:41.133Z", dateUpdated: "2024-08-02T10:13:49.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23468
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7005999 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244500 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation for Cloud Pak |
Version: 21.0.1 ≤ 21.0.7.3 Version: 23.0.0 ≤ 23.0.3 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:41.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7005999", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-23468", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-01T15:07:35.917496Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-01T15:07:48.314Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation for Cloud Pak", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.3", status: "affected", version: "21.0.1", versionType: "semver", }, { lessThanOrEqual: "23.0.3", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.", }, ], value: "IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. 
IBM X-Force ID: 244500.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "284 Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T18:30:35.685Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7005999", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244500", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation for Cloud Pak access control", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-23468", datePublished: "2023-06-27T18:30:35.685Z", dateReserved: "2023-01-12T16:24:46.602Z", dateUpdated: "2024-11-01T15:07:48.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19345
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | [UNKNOWN] | openshift/mediawiki-apb |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/mediawiki-apb", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-20T14:00:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19345", datePublished: "2020-03-20T14:00:33", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3663
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T15:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3663", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.207Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10885
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104688 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | [UNKNOWN] | atomic-openshift |
Version: atomic-openshift 3.10.9 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:34.734Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", }, { name: "104688", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "atomic-openshift", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "atomic-openshift 3.10.9", }, ], }, ], datePublic: "2018-07-04T00:00:00", descriptions: [ { lang: "en", value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-10T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", }, { name: "104688", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2018-10885", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"atomic-openshift", version: { version_data: [ { version_value: "atomic-openshift 3.10.9", }, ], }, }, ], }, vendor_name: "[UNKNOWN]", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.", }, ], }, impact: { cvss: [ [ { vectorString: "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10885", }, { name: "104688", refsource: "BID", url: "http://www.securityfocus.com/bid/104688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10885", datePublished: "2018-07-05T13:00:00", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-08-05T07:54:34.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7539
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.450Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-09T00:00:00", descriptions: [ { lang: "en", value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-7539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, 
], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7539", datePublished: "2016-02-03T15:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.450Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5320
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5320", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { 
version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5320", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0234
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/openshift/openshift-extras/blob/master/README.md | x_refsource_MISC | |
http://openwall.com/lists/oss-security/2014/06/05/19 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1097008 | x_refsource_MISC | |
https://rhn.redhat.com/errata/RHSA-2014-0487.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/67657 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Red Hat OpenShift Enterprise |
Version: 2.x before 2.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openshift/openshift-extras/blob/master/README.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2014/06/05/19", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/67657", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Red Hat OpenShift Enterprise", vendor: "n/a", versions: [ { status: "affected", version: "2.x before 2.1", }, ], }, ], datePublic: "2014-05-14T00:00:00", descriptions: [ { lang: "en", value: "The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of \"mooo\" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. 
NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.", }, ], problemTypes: [ { descriptions: [ { description: "Password", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-12T00:09:56", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/openshift/openshift-extras/blob/master/README.md", }, { tags: [ "x_refsource_MISC", ], url: "http://openwall.com/lists/oss-security/2014/06/05/19", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1097008", }, { tags: [ "x_refsource_MISC", ], url: "https://rhn.redhat.com/errata/RHSA-2014-0487.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/67657", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0234", datePublished: "2020-02-12T00:09:56", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3724
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: 
"CVE-2016-3724", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3724", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22593
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7006001 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/244074 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Robotic Process Automation for Cloud Pak | Version: 21.0.1 ≤ 21.0.7.3; Version: 23.0.0 ≤ 23.0.3 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:13:49.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7006001", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22593", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T18:53:52.163890Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T18:55:14.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation for Cloud Pak", vendor: "IBM", versions: [ { lessThanOrEqual: "21.0.7.3", status: "affected", version: "21.0.1", versionType: "semver", }, { lessThanOrEqual: "23.0.3", status: "affected", version: "23.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. 
IBM X-Force ID: 244074.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "16 Configuration", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T18:00:38.347Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7006001", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/244074", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation for Cloud Pak security configuration", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-22593", datePublished: "2023-06-27T18:00:38.347Z", dateReserved: "2023-01-03T19:19:41.133Z", dateUpdated: "2024-11-06T18:55:14.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27540
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7009883 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/248924 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Watson CP4D Data Stores | Version: 4.6.0 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:16:35.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7009883", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-27540", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-25T19:50:44.661840Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-25T19:52:30.451Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Watson CP4D Data Stores", vendor: "IBM", versions: [ { status: "affected", version: "4.6.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Watson CP4D Data Stores 4.6.0 allocates resources without limits or throttling, which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.", }, ], value: "IBM Watson CP4D Data Stores 4.6.0 allocates resources without limits or throttling, which could allow a remote attacker with information specific to the system to cause a denial of service. 
IBM X-Force ID: 248924.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-10T00:22:35.465Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7009883", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/248924", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Watson CP4D Data Stores denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-27540", datePublished: "2023-07-10T00:22:35.465Z", dateReserved: "2023-03-02T20:39:09.417Z", dateUpdated: "2024-10-25T19:52:30.451Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3726
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-3726", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3726", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5317
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5317", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", 
data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5317", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15137
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHBA-2018:0489 | vendor-advisory, x_refsource_REDHAT |
Vendor | Product | Version | |
---|---|---|---|
[UNKNOWN] | atomic-openshift | Version: n/a | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:50:16.136Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", }, { name: "RHBA-2018:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2018:0489", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "atomic-openshift", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-16T00:00:00", descriptions: [ { lang: "en", value: "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-17T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", }, { name: "RHBA-2018:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2018:0489", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-15137", datePublished: "2018-07-16T20:00:00", dateReserved: 
"2017-10-08T00:00:00", dateUpdated: "2024-08-05T19:50:16.136Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10225
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1743073 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
n/a | atomic-openshift | Version: atomic-openshift of openshift-4.2 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:17:20.149Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "atomic-openshift", vendor: "n/a", versions: [ { status: "affected", version: "atomic-openshift of openshift-4.2", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-19T20:01:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1743073", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-10225", datePublished: "2021-03-19T20:01:33", dateReserved: "2019-03-27T00:00:00", dateUpdated: "2024-08-04T22:17:20.149Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1000376
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2017-1000376 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3889 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:00:41.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2017-1000376", }, { name: "DSA-3889", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3889", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-19T00:00:00", descriptions: [ { lang: "en", value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. 
libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-15T19:15:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/cve/CVE-2017-1000376", }, { name: "DSA-3889", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3889", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-1000376", REQUESTER: "qsa@qualys.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. 
libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", refsource: "MISC", url: "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", }, { name: "https://access.redhat.com/security/cve/CVE-2017-1000376", refsource: "CONFIRM", url: "https://access.redhat.com/security/cve/CVE-2017-1000376", }, { name: "DSA-3889", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3889", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-1000376", datePublished: "2017-06-19T16:00:00", dateReserved: "2017-06-19T00:00:00", dateUpdated: "2024-08-05T22:00:41.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4253
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
n/a | Red Hat Openshift | Version: Red Hat Openshift 1 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.711Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { tags: [ "x_transferred", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Red Hat Openshift", vendor: "n/a", versions: [ { status: "affected", version: "Red Hat Openshift 1", }, ], }, ], descriptions: [ { lang: "en", value: "The deployment script in the unsupported \"OpenShift Extras\" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-377", description: "CWE-377", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-19T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4253", datePublished: "2022-10-19T00:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36769
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6980959 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
IBM | Cloud Pak for Data | Version: 4.5, 4.6 | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:14:27.951Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6980959", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud Pak for Data", vendor: "IBM", versions: [ { status: "affected", version: "4.5, 4.6", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.</span>\n\n", }, ], value: "\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. 
IBM X-Force ID: 232034.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-26T02:52:02.470Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6980959", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cloud Pak for Data file upload", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-36769", datePublished: "2023-04-26T02:52:02.470Z", dateReserved: "2022-07-26T14:04:17.544Z", dateUpdated: "2024-08-03T10:14:27.951Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3703
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1094 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:1095 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { name: "RHSA-2016:1095", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1095", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-19T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-08T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:1094", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1094", }, { name: "RHSA-2016:1095", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1095", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3703", datePublished: "2016-06-08T17:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2060
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=960363 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/05/07/1 | x_refsource_MISC | |
http://www.securityfocus.com/bid/59687 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84075 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | OpenShift Origin |
Version: unknown |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:37.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/05/07/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/59687", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift Origin", vendor: "Red Hat", versions: [ { status: "affected", version: "unknown", }, ], }, ], datePublic: "2013-05-07T00:00:00", descriptions: [ { lang: "en", value: "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.", }, ], problemTypes: [ { descriptions: [ { description: "Metacharacters", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-28T15:57:58", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=960363", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2013/05/07/1", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/59687", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2060", datePublished: "2020-01-28T15:57:58", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:20:37.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1069
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1552987 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103364 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat, Inc. | OpenShift Enterprise |
Version: 3.7 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:51:47.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", }, { name: "103364", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103364", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift Enterprise", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "3.7", }, ], }, ], datePublic: "2018-03-07T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 (Improper Access Control)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-13T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1552987", }, { name: "103364", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103364", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-1069", datePublished: "2018-03-09T14:00:00Z", dateReserved: "2017-12-04T00:00:00", dateUpdated: "2024-08-05T03:51:47.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3636
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1978621 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:07.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "n/a", versions: [ { status: "affected", version: "openshift 4.8", }, ], }, ], descriptions: [ { lang: "en", value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295->CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-30T19:27:06", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3636", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift", version: { version_data: [ { version_value: "openshift 4.8", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. 
The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295->CWE-287", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1978621", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3636", datePublished: "2021-07-30T19:27:06", dateReserved: "2021-07-02T00:00:00", dateUpdated: "2024-08-03T17:01:07.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1810
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1844.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1205627 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-27T00:00:00", descriptions: [ { lang: "en", value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T15:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", }, { name: "RHSA-2015:1844", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1844.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1810", datePublished: "2015-10-16T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5254
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:08.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3524", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], 
url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-03T00:00:00", descriptions: [ { lang: "en", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-27T19:06:06", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-3524", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted 
serialized Java Message Service (JMS) ObjectMessage object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3524", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3524", }, { name: "RHSA-2016:2035", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2035.html", }, { name: "FEDORA-2015-7ca4368b0c", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html", }, { name: "[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/12/08/6", }, { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", }, { name: "FEDORA-2015-eefc5a6762", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html", }, { name: "RHSA-2016:2036", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2036.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { name: "https://issues.apache.org/jira/browse/AMQ-6013", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/AMQ-6013", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { name: "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", refsource: "CONFIRM", url: 
"http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt", }, { name: "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5254", datePublished: "2016-01-08T19:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:08.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38911
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6505281 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/209940 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cloud Pak for Security |
Version: 1.7.2.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:20.358Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6505281", }, { name: "ibm-cprm-cve202138911-info-disc (209940)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cloud Pak for Security", vendor: "IBM", versions: [ { status: "affected", version: "1.7.2.0", }, ], }, ], datePublic: "2021-10-18T00:00:00", descriptions: [ { lang: "en", value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.9, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/PR:H/AC:H/AV:N/UI:N/I:N/C:H/A:N/S:U/RL:O/E:U/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-19T15:15:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6505281", }, { name: "ibm-cprm-cve202138911-info-disc (209940)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: 
"2021-10-18T00:00:00", ID: "CVE-2021-38911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cloud Pak for Security", version: { version_data: [ { version_value: "1.7.2.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "H", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6505281", refsource: "CONFIRM", title: "IBM Security Bulletin 6505281 (Cloud Pak for Security)", url: "https://www.ibm.com/support/pages/node/6505281", }, { name: "ibm-cprm-cve202138911-info-disc (209940)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/209940", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-38911", datePublished: "2021-10-19T15:15:16.168555Z", dateReserved: "2021-08-16T00:00:00", dateUpdated: "2024-09-17T02:52:18.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29906
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6497177 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/207630 | vdb-entry, x_refsource_XF |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | App Connect Enterprise Certified Container |
Version: 1.0.0 Version: 1.0.1 Version: 1.0.2 Version: 1.0.3 Version: 1.0.4 Version: 1.0.5 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:18:03.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6497177", }, { name: "ibm-appconnect-cve202129906-info-disc (207630)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "App Connect Enterprise Certified Container", vendor: "IBM", versions: [ { status: "affected", version: "1.0.0", }, { status: "affected", version: "1.0.1", }, { status: "affected", version: "1.0.2", }, { status: "affected", version: "1.0.3", }, { status: "affected", version: "1.0.4", }, { status: "affected", version: "1.0.5", }, { status: "affected", version: "1.1", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.3", }, { status: "affected", version: "1.4", }, { status: "affected", version: "1.5", }, ], }, ], datePublic: "2021-10-07T00:00:00", descriptions: [ { lang: "en", value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. 
IBM X-Force ID: 207630.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.5, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:N/S:U/A:N/C:H/AV:L/PR:N/UI:N/AC:H/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-08T17:20:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6497177", }, { name: "ibm-appconnect-cve202129906-info-disc (207630)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2021-10-07T00:00:00", ID: "CVE-2021-29906", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "App Connect Enterprise Certified Container", version: { version_data: [ { version_value: "1.0.0", }, { version_value: "1.0.1", }, { version_value: "1.0.2", }, { version_value: "1.0.3", }, { version_value: "1.0.4", }, { version_value: "1.0.5", }, { version_value: "1.1", }, { version_value: "1.2", }, { version_value: "1.3", }, { version_value: "1.4", }, { version_value: "1.5", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use 
an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "L", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6497177", refsource: "CONFIRM", title: "IBM Security Bulletin 6497177 (App Connect Enterprise Certified Container)", url: "https://www.ibm.com/support/pages/node/6497177", }, { name: "ibm-appconnect-cve202129906-info-disc (207630)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29906", datePublished: "2021-10-08T17:20:13.582974Z", dateReserved: "2021-03-31T00:00:00", dateUpdated: "2024-09-16T17:32:49.745Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5658
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0220.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=889062 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:16.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0220", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-02-24T22:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0220", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0220.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=889062", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5658", datePublished: "2013-02-24T22:00:00Z", dateReserved: "2012-10-24T00:00:00Z", dateUpdated: "2024-08-06T21:14:16.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41740
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6852657 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 | vdb-entry |
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Robotic Process Automation |
Version: ≥ 20.12, < 21.0.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6852657", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Robotic Process Automation", vendor: "IBM", versions: [ { lessThan: "21.0.6", status: "affected", version: "20.12", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.</span>\n\n", }, ], value: "\nIBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. 
IBM X-Force ID: 238053.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "316 Cleartext Storage of Sensitive Information in Memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-05T17:30:38.568Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/6852657", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Robotic Process Automation information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-41740", datePublished: "2023-01-05T17:30:38.568Z", dateReserved: "2022-09-28T17:18:53.377Z", dateUpdated: "2024-08-03T12:49:43.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1707
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | [UNKNOWN] | openshift/postgresql-apb |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/postgresql-apb", vendor: "[UNKNOWN]", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1707", datePublished: "2020-03-20T00:00:00", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5319
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-0489.html | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:41:09.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-18T00:00:00", descriptions: [ { lang: "en", value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0489", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-5319", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { 
version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2016:0489", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-0489.html", }, { name: "RHSA-2016:0070", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-5319", datePublished: "2015-11-25T20:00:00", dateReserved: "2015-07-01T00:00:00", dateUpdated: "2024-08-06T06:41:09.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2126
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/55381 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ubuntu.com/usn/USN-1582-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/rubygems/rubygems/blob/1.8/History.txt | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-1203.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=814718 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/04/20/24 | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2013-1441.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55381", }, { name: "USN-1582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-04-19T00:00:00", descriptions: [ { lang: "en", value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-07T13:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: 
"redhat", }, references: [ { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55381", }, { name: "USN-1582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1582-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-2126", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "55381", refsource: "SECUNIA", url: "http://secunia.com/advisories/55381", }, { name: "USN-1582-1", refsource: "UBUNTU", url: 
"http://www.ubuntu.com/usn/USN-1582-1/", }, { name: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", refsource: "CONFIRM", url: "https://github.com/rubygems/rubygems/blob/1.8/History.txt", }, { name: "RHSA-2013:1203", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1203.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=814718", }, { name: "[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/04/20/24", }, { name: "RHSA-2013:1852", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2126", datePublished: "2013-10-01T17:00:00", dateReserved: "2012-04-04T00:00:00", dateUpdated: "2024-08-06T19:26:08.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3722
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 | x_refsource_CONFIRM | |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1206 | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2016-1773.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:03:34.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-11T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: 
"CVE-2016-3722", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", refsource: "CONFIRM", url: "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11", }, { name: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", refsource: "CONFIRM", url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", }, { name: "RHSA-2016:1206", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1206", }, { name: "RHSA-2016:1773", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-1773.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-3722", datePublished: "2016-05-17T14:00:00", dateReserved: "2016-03-30T00:00:00", dateUpdated: "2024-08-06T00:03:34.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3697
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1991687 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202209-12 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220930-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:08.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "grub2", vendor: "n/a", versions: [ { status: "affected", version: "grub-2.06", }, ], }, ], descriptions: [ { lang: "en", value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. 
This flaw affects grub2 versions prior grub-2.12.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-30T15:06:20", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", }, { name: "GLSA-202209-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-12", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3697", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "grub2", version: { version_data: [ { version_value: "grub-2.06", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. 
This flaw affects grub2 versions prior grub-2.12.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", }, { name: "GLSA-202209-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-12", }, { name: "https://security.netapp.com/advisory/ntap-20220930-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220930-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3697", datePublished: "2022-07-06T15:06:47", dateReserved: "2021-08-10T00:00:00", dateUpdated: "2024-08-03T17:01:08.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5392
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/91793 | vdb-entry, x_refsource_BID | |
https://bugzilla.redhat.com/show_bug.cgi?id=1356195 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1427 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:00:59.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "91793", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91793", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195", }, { name: "RHSA-2016:1427", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1427", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-07-13T00:00:00", descriptions: [ { lang: "en", value: "The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-08-05T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "91793", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91793", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1356195", }, { name: "RHSA-2016:1427", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1427", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-5392", datePublished: "2016-08-05T15:00:00", dateReserved: "2016-06-10T00:00:00", dateUpdated: "2024-08-06T01:00:59.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0229
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | github.com/openshift/apiserver-library-go |
Version: openshift/apiserver-library-go 4.11 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:44.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "github.com/openshift/apiserver-library-go", vendor: "n/a", versions: [ { status: "affected", version: "openshift/apiserver-library-go 4.11", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to \"unconfined.\" By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is \"runtime/default,\" allowing users to disable seccomp for pods they can create and modify.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-25T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2160349", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-0229", datePublished: "2023-01-25T00:00:00", dateReserved: "2023-01-12T00:00:00", dateUpdated: "2024-08-02T05:02:44.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19351
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "Red Hat", versions: [ { status: "affected", version: "Openshift 4 and 3.11", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-18T16:33:50", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19351", datePublished: "2020-03-18T16:33:50", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6648
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://support.f5.com/csp/article/K74327432 | x_refsource_MISC | |
https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | F5 Container Ingress Service |
Version: 1.9.0 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:22.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.f5.com/csp/article/K74327432", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "F5 Container Ingress Service", vendor: "n/a", versions: [ { status: "affected", version: "1.9.0", }, ], }, ], descriptions: [ { lang: "en", value: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-09T19:07:38", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.f5.com/csp/article/K74327432", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medium=RSS", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", ID: "CVE-2019-6648", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "F5 Container Ingress Service", version: { version_data: [ { version_value: "1.9.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP 
secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K74327432", refsource: "MISC", url: "https://support.f5.com/csp/article/K74327432", }, { name: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K74327432?utm_source=f5support&utm_medium=RSS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2019-6648", datePublished: "2019-09-04T15:49:06", dateReserved: "2019-01-22T00:00:00", dateUpdated: "2024-08-04T20:23:22.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19355
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.078Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "Red Hat", versions: [ { status: "affected", version: "Openshift 4", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-18T16:35:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19355", datePublished: "2020-03-18T16:35:00", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.078Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1759
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 | x_refsource_CONFIRM |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ | vendor-advisory, x_refsource_FEDORA |
https://security.gentoo.org/glsa/202105-39 | vendor-advisory, x_refsource_GENTOO |
Vendor | Product | Version |
---|---|---|
The Ceph Project | ceph | Red Hat Ceph Storage 4; Red Hat Openshift Container Storage 4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:46:30.894Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", }, { name: "FEDORA-2020-81b9c6cddc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", }, { name: "GLSA-202105-39", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-39", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ceph", vendor: "The Ceph Project", versions: [ { status: "affected", version: "Red Hat Ceph Storage 4", }, { status: "affected", version: "Red Hat Openshift Container Storage 4.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. 
Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-323", description: "CWE-323", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-26T23:06:21", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", }, { name: "FEDORA-2020-81b9c6cddc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", }, { name: "GLSA-202105-39", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-39", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-1759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ceph", version: { version_data: [ { version_value: "Red Hat Ceph Storage 4", }, { version_value: "Red Hat Openshift Container Storage 4.2", }, ], }, }, ], }, vendor_name: "The Ceph Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially 
manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.", }, ], }, impact: { cvss: [ [ { vectorString: "6.4/CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-323", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759", }, { name: "FEDORA-2020-81b9c6cddc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/", }, { name: "GLSA-202105-39", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-39", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-1759", datePublished: "2020-04-13T12:04:04", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-04T06:46:30.894Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19349
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1793284 | x_refsource_MISC |
https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | operator-framework/operator-metering | as shipped in Red Hat Openshift 4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "operator-framework/operator-metering", vendor: "n/a", versions: [ { status: "affected", version: "as shipped in Red Hat Openshift 4", }, ], }, ], descriptions: [ { lang: "en", value: "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-24T15:32:35", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1793284", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1791534", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-19349", datePublished: "2021-03-24T15:32:35", dateReserved: "2019-11-27T00:00:00", dateUpdated: "2024-08-05T02:16:47.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3667
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3667", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0233
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-0530.html | vendor-advisory, x_refsource_REDHAT |
http://rhn.redhat.com/errata/RHSA-2014-0529.html | vendor-advisory, x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=1096955 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2014:0530", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html", }, { name: "RHSA-2014:0529", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-21T00:00:00", descriptions: [ { lang: "en", value: "Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-11-16T02:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2014:0530", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0530.html", }, { name: "RHSA-2014:0529", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0529.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1096955", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0233", datePublished: "2014-11-16T11:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3259
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:07:05.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift", vendor: "n/a", versions: [ { status: "affected", version: "4.9.0", }, ], }, ], descriptions: [ { lang: "en", value: "Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-665", description: "CWE-665", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-09T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103220", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3259", datePublished: "2022-12-09T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T01:07:05.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3661
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:18.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-10T00:00:00", descriptions: [ { lang: "en", value: "Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-06-09T15:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2016:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:0070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3661", datePublished: "2014-10-16T19:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:18.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44487
Vulnerability from cvelistv5
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http", vendor: "ietf", versions: [ { status: "affected", version: "2.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-44487", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:34:21.334116Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-10-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T20:35:03.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-19T07:48:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { tags: [ "x_transferred", ], url: 
"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { tags: [ "x_transferred", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37831062", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { tags: [ "x_transferred", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { tags: [ "x_transferred", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { tags: [ "x_transferred", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { tags: [ "x_transferred", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { tags: [ "x_transferred", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { tags: [ "x_transferred", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830987", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830998", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { tags: [ "x_transferred", ], url: 
"https://github.com/bcdannyboy/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { tags: [ "x_transferred", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { tags: [ "x_transferred", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { tags: [ "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { tags: [ "x_transferred", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { tags: [ "x_transferred", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { tags: [ "x_transferred", ], url: "https://github.com/facebook/proxygen/pull/466", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { tags: [ "x_transferred", ], url: "https://github.com/micrictor/http2-rst-stream", }, { tags: [ "x_transferred", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { tags: [ "x_transferred", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { tags: [ "x_transferred", ], url: 
"https://github.com/h2o/h2o/pull/3291", }, { tags: [ "x_transferred", ], url: "https://github.com/nodejs/node/pull/50121", }, { tags: [ "x_transferred", ], url: "https://github.com/dotnet/announcements/issues/277", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/go/issues/63417", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { tags: [ "x_transferred", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { tags: [ "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { tags: [ "x_transferred", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { tags: [ "x_transferred", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { tags: [ "x_transferred", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { tags: [ "x_transferred", ], url: 
"https://news.ycombinator.com/item?id=37837043", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { tags: [ "x_transferred", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { tags: [ "x_transferred", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { tags: [ "x_transferred", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { tags: [ "x_transferred", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { tags: [ "x_transferred", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { tags: [ "x_transferred", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { tags: [ "x_transferred", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: 
"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd-site/pull/10", }, { tags: [ "x_transferred", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { tags: [ "x_transferred", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { tags: [ "x_transferred", ], url: "https://github.com/line/armeria/pull/5232", }, { tags: [ "x_transferred", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/akka/akka-http/issues/4323", }, { tags: [ "x_transferred", ], url: "https://github.com/openresty/openresty/issues/930", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/apisix/issues/10320", }, { tags: [ "x_transferred", ], url: "https://github.com/Azure/AKS/issues/3947", }, { tags: [ "x_transferred", ], url: "https://github.com/Kong/kong/discussions/11741", }, { tags: [ "x_transferred", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: 
CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { tags: [ "x_transferred", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { tags: [ "x_transferred", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", 
"x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ 
"vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 
3656-1] netty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:08:34.967324", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { url: 
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { url: "https://news.ycombinator.com/item?id=37831062", }, { url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { url: "https://github.com/envoyproxy/envoy/pull/30055", }, { url: "https://github.com/haproxy/haproxy/issues/2312", }, { url: "https://github.com/eclipse/jetty.project/issues/10679", }, { url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { url: "https://github.com/alibaba/tengine/issues/1872", }, { url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { url: "https://news.ycombinator.com/item?id=37830987", }, { url: "https://news.ycombinator.com/item?id=37830998", }, { url: "https://github.com/caddyserver/caddy/issues/5877", }, { url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { url: "https://github.com/grpc/grpc-go/pull/6703", }, { url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { url: "https://my.f5.com/manage/s/article/K000137106", }, { url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { url: 
"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { url: "https://github.com/facebook/proxygen/pull/466", }, { url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { url: "https://github.com/micrictor/http2-rst-stream", }, { url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { url: "https://github.com/h2o/h2o/pull/3291", }, { url: "https://github.com/nodejs/node/pull/50121", }, { url: "https://github.com/dotnet/announcements/issues/277", }, { url: "https://github.com/golang/go/issues/63417", }, { url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { url: "https://github.com/apache/trafficserver/pull/10564", }, { url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { url: 
"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { url: "https://news.ycombinator.com/item?id=37837043", }, { url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { url: "https://github.com/ninenines/cowboy/issues/1615", }, { url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { url: "https://blog.vespa.ai/cve-2023-44487/", }, { url: "https://github.com/etcd-io/etcd/issues/16740", }, { url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { url: "https://ubuntu.com/security/CVE-2023-44487", }, { url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { url: "https://github.com/apache/httpd-site/pull/10", }, { url: 
"https://github.com/projectcontour/contour/pull/5826", }, { url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { url: "https://github.com/line/armeria/pull/5232", }, { url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { url: "https://github.com/akka/akka-http/issues/4323", }, { url: "https://github.com/openresty/openresty/issues/930", }, { url: "https://github.com/apache/apisix/issues/10320", }, { url: "https://github.com/Azure/AKS/issues/3947", }, { url: "https://github.com/Kong/kong/discussions/11741", }, { url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: 
"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", 
tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: 
"FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-44487", datePublished: "2023-10-10T00:00:00", dateReserved: "2023-09-29T00:00:00", dateUpdated: "2024-08-19T07:48:04.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0238
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://access.redhat.com/security/cve/CVE-2015-0238 | x_refsource_CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=1184739 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2015-0238", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-22T00:00:00", descriptions: [ { lang: "en", value: "selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-25T18:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/cve/CVE-2015-0238", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1184739", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-0238", datePublished: "2017-09-25T19:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8651
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securityfocus.com/bid/94935 | vdb-entry, x_refsource_BID |
https://access.redhat.com/errata/RHSA-2016:2915 | vendor-advisory, x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651 | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Red Hat | OpenShift Enterprise | 3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:27:41.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "94935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94935", }, { name: "RHSA-2016:2915", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:2915", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenShift Enterprise", vendor: "Red Hat", versions: [ { status: "affected", version: "3", }, ], }, ], datePublic: "2016-12-07T00:00:00", descriptions: [ { lang: "en", value: "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-02T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "94935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94935", }, { name: "RHSA-2016:2915", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:2915", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-8651", datePublished: "2018-08-01T16:00:00", dateReserved: "2016-10-12T00:00:00", dateUpdated: "2024-08-06T02:27:41.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4281
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
n/a | Red Hat Openshift | Red Hat Openshift 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { tags: [ "x_transferred", ], url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Red Hat Openshift", vendor: "n/a", versions: [ { status: "affected", version: "Red Hat Openshift 1", }, ], }, ], descriptions: [ { lang: "en", value: "In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-19T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2014/06/05/19", }, { url: "https://github.com/openshift/openshift-extras/blob/enterprise-2.0/README.md#security-notice", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4281", datePublished: "2022-10-19T00:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9592
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/94991 | vdb-entry, x_refsource_BID |
Vendor | Product | Version |
---|---|---|
unspecified | openshift | openshift 3.3.1.11, openshift 3.2.1.23, openshift 3.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:59:02.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", }, { name: "94991", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94991", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift", vendor: "unspecified", versions: [ { status: "affected", version: "openshift 3.3.1.11", }, { status: "affected", version: " openshift 3.2.1.23", }, { status: "affected", version: " openshift 3.4", }, ], }, ], datePublic: "2016-12-19T00:00:00", descriptions: [ { lang: "en", value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-460", description: "CWE-460", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-17T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", }, { name: "94991", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94991", 
}, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2016-9592", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift", version: { version_data: [ { version_value: "openshift 3.3.1.11", }, { version_value: " openshift 3.2.1.23", }, { version_value: " openshift 3.4", }, ], }, }, ], }, vendor_name: "", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.", }, ], }, impact: { cvss: [ [ { vectorString: "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], [ { vectorString: "3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-460", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9592", }, { name: "94991", refsource: "BID", url: "http://www.securityfocus.com/bid/94991", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-9592", datePublished: "2018-04-16T14:00:00", dateReserved: "2016-11-23T00:00:00", dateUpdated: "2024-08-06T02:59:02.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10715
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://github.com/openshift/origin-web-console/pull/3173 | x_refsource_MISC |
https://bugzilla.redhat.com/show_bug.cgi?id=1767665 | x_refsource_MISC |
Vendor | Product | Version |
---|---|---|
n/a | openshift/console | 3.11 and 4.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:14:14.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openshift/origin-web-console/pull/3173", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "openshift/console", vendor: "n/a", versions: [ { status: "affected", version: "3.11 and 4.x", }, ], }, ], descriptions: [ { lang: "en", value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-16T18:00:27", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/openshift/origin-web-console/pull/3173", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-10715", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "openshift/console", version: { version_data: [ { version_value: "3.11 and 4.x", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. 
This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/openshift/origin-web-console/pull/3173", refsource: "MISC", url: "https://github.com/openshift/origin-web-console/pull/3173", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1767665", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-10715", datePublished: "2020-09-16T18:00:27", dateReserved: "2020-03-20T00:00:00", dateUpdated: "2024-08-04T11:14:14.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-201607-0547
Vulnerability from variot
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Open vSwitch is prone to multiple remote buffer-overflow vulnerabilities because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions. It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The following versions are affected: OVS Version 2.2.x, Version 2.3.x, Version 2.4.x.
Background
Open vSwitch is a production quality multilayer virtual switch.
Workaround
There is no known workaround at this time.
Resolution
All Open vSwitch users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.5.0"
References
[ 1 ] CVE-2016-2074 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--FOwRaKoxFb5txc6jCpaFu8xVgvCjK1wAH--
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openvswitch security update Advisory ID: RHSA-2016:0615-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:0615 Issue date: 2016-04-11 CVE Names: CVE-2016-2074 =====================================================================
- Summary:
Updated openvswitch packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.1.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Enterprise 3.1 - noarch, x86_64
- Description:
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. (CVE-2016-2074)
Red Hat would like to thank the Open vSwitch Project for reporting these issues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as the original reporters of CVE-2016-2074.
This update includes the following images:
openshift3/openvswitch:v3.1.1.6-9 aep3_beta/openvswitch:v3.1.1.6-9 openshift3/node:v3.1.1.6-16 aep3_beta/node:v3.1.1.6-16
All openvswitch users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability
- Package List:
Red Hat OpenShift Enterprise 3.1:
Source: openvswitch-2.4.0-2.el7_2.src.rpm
noarch: openvswitch-test-2.4.0-2.el7_2.noarch.rpm python-openvswitch-2.4.0-2.el7_2.noarch.rpm
x86_64: openvswitch-2.4.0-2.el7_2.x86_64.rpm openvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm openvswitch-devel-2.4.0-2.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2074 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXDKHJXlSAg2UNWIIRArVMAJ9kWC3bedooegoZ6ADWrLKD9xKzCQCfUQmK /IpUBYvFD22Fc2VwgoAoq2g= =EyZn -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (jessie), this problem has been fixed in version 2.3.0+git20140819-3+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2.3.0+git20140819-4.
We recommend that you upgrade your openvswitch packages. Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0547", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openshift", scope: "eq", trust: 1.6, vendor: "redhat", version: "3.1", }, { model: "openvswitch", scope: "eq", trust: 1, vendor: "openvswitch", version: "2.3.0", }, { model: "openvswitch", scope: "eq", trust: 1, vendor: "openvswitch", version: "2.4.0", }, { model: "openvswitch", 
scope: "eq", trust: 1, vendor: "openvswitch", version: "2.3.1", }, { model: "openvswitch", scope: "eq", trust: 1, vendor: "openvswitch", version: "2.2.0", }, { model: "openvswitch", scope: "eq", trust: 1, vendor: "openvswitch", version: "2.3.2", }, { model: "open vswitch", scope: "lt", trust: 0.8, vendor: "open vswitch", version: "2.4.x", }, { model: "open vswitch", scope: "lt", trust: 0.8, vendor: "open vswitch", version: "2.3.x", }, { model: "openshift", scope: "eq", trust: 0.8, vendor: "red hat", version: "enterprise", }, { model: "open vswitch", scope: "eq", trust: 0.8, vendor: "open vswitch", version: "2.3.3", }, { model: "open vswitch", scope: "eq", trust: 0.8, vendor: "open vswitch", version: "2.2.x", }, { model: "open vswitch", scope: "eq", trust: 0.8, vendor: "open vswitch", version: "2.4.1", }, { model: "openstack", scope: "eq", trust: 0.3, vendor: "redhat", version: "7.0", }, { model: "enterprise linux openstack platform for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "75.0", }, { model: "vswitch open vswitch", scope: "eq", trust: 0.3, vendor: "open", version: "2.4", }, { model: "vswitch open vswitch", scope: "eq", trust: 0.3, vendor: "open", version: "2.3", }, { model: "vswitch open vswitch", scope: "eq", trust: 0.3, vendor: "open", version: "2.2", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux 
amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "xenserver cu1", scope: "eq", trust: 0.3, vendor: "citrix", version: "7.1", }, { model: "xenserver", scope: "eq", trust: 0.3, vendor: "citrix", version: "7.0", }, { model: "vswitch open vswitch", scope: "ne", trust: 0.3, vendor: "open", version: "2.5", }, ], sources: [ { db: "BID", id: "85700", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "NVD", id: "CVE-2016-2074", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-2074", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, ], trust: 0.4, }, cve: "CVE-2016-2074", cvss: { 
"@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2016-2074", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-90893", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ 
{ attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2016-2074", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-2074", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-201603-406", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-90893", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-2074", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-90893", }, { db: "VULMON", id: "CVE-2016-2074", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "NVD", id: "CVE-2016-2074", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Open vSwitch is prone to multiple remote buffer-overflow vulnerabilities because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. 
\nSuccessful exploits may allow attackers to execute arbitrary code or cause denial-of-service conditions. It supports large-scale network automation, standard management interfaces and protocols, etc. through programming extensions. The following versions are affected: OVS Version 2.2.x, Version 2.3.x, Version 2.4.x. \n\nBackground\n==========\n\nOpen vSwitch is a production quality multilayer virtual switch. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Open vSwitch users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openvswitch-2.5.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2074\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2074\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--FOwRaKoxFb5txc6jCpaFu8xVgvCjK1wAH--\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openvswitch security update\nAdvisory ID: RHSA-2016:0615-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:0615\nIssue date: 2016-04-11\nCVE Names: CVE-2016-2074 \n=====================================================================\n\n1. Summary:\n\nUpdated openvswitch packages that fix one security issue are now available \nfor Red Hat OpenShift Enterprise 3.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Enterprise 3.1 - noarch, x86_64\n\n3. Description:\n\nOpenShift Enterprise by Red Hat is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or private\ncloud deployments. \n\nA buffer overflow flaw was discovered in the OVS processing of MPLS labels. \nA remote attacker able to deliver a frame containing a malicious MPLS label\nthat would be processed by OVS could trigger the flaw and use the resulting\nmemory corruption to cause a denial of service (DoS) or, possibly, execute \narbitrary code. (CVE-2016-2074)\n\nRed Hat would like to thank the Open vSwitch Project for reporting these \nissues. Upstream acknowledges Kashyap Thimmaraju and Bhargava Shastry as \nthe original reporters of CVE-2016-2074. \n\nThis update includes the following images:\n\nopenshift3/openvswitch:v3.1.1.6-9\naep3_beta/openvswitch:v3.1.1.6-9\nopenshift3/node:v3.1.1.6-16\naep3_beta/node:v3.1.1.6-16\n\nAll openvswitch users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue. \n\n4. 
Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1318553 - CVE-2016-2074 openvswitch: MPLS buffer overflow vulnerability\n\n6. Package List:\n\nRed Hat OpenShift Enterprise 3.1:\n\nSource:\nopenvswitch-2.4.0-2.el7_2.src.rpm\n\nnoarch:\nopenvswitch-test-2.4.0-2.el7_2.noarch.rpm\npython-openvswitch-2.4.0-2.el7_2.noarch.rpm\n\nx86_64:\nopenvswitch-2.4.0-2.el7_2.x86_64.rpm\nopenvswitch-debuginfo-2.4.0-2.el7_2.x86_64.rpm\nopenvswitch-devel-2.4.0-2.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2074\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXDKHJXlSAg2UNWIIRArVMAJ9kWC3bedooegoZ6ADWrLKD9xKzCQCfUQmK\n/IpUBYvFD22Fc2VwgoAoq2g=\n=EyZn\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.3.0+git20140819-3+deb8u1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.0+git20140819-4. \n\nWe recommend that you upgrade your openvswitch packages. 
Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic", sources: [ { db: "NVD", id: "CVE-2016-2074", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "BID", id: "85700", }, { db: "VULHUB", id: "VHN-90893", }, { db: "VULMON", id: "CVE-2016-2074", }, { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136464", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-2074", trust: 3.5, }, { db: "BID", id: "85700", trust: 1.5, }, { db: "JVNDB", id: "JVNDB-2016-003485", trust: 0.8, }, { db: "OPENWALL", id: "OSS-SECURITY/2016/03/29/1", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201603-406", trust: 0.6, }, { db: "PACKETSTORM", id: "136483", trust: 0.2, }, { db: "PACKETSTORM", id: "136470", trust: 0.2, }, { db: "PACKETSTORM", id: "136659", trust: 0.2, }, { db: "PACKETSTORM", id: "136469", trust: 0.2, }, { db: "PACKETSTORM", id: "136464", trust: 0.2, }, { db: "VULHUB", id: "VHN-90893", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-2074", trust: 0.1, }, { db: "PACKETSTORM", id: "140320", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-90893", }, { db: "VULMON", id: "CVE-2016-2074", }, { db: "BID", id: "85700", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136464", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, { db: "NVD", id: "CVE-2016-2074", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], }, id: "VAR-201607-0547", 
iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-90893", }, ], trust: 0.725, }, last_update_date: "2023-12-18T13:19:40.697000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "[ovs-announce] Open vSwitch 2.4.1 and 2.3.3 Available", trust: 0.8, url: "http://openvswitch.org/pipermail/announce/2016-march/000083.html", }, { title: "Top Page", trust: 0.8, url: "http://openvswitch.org/", }, { title: "[ovs-announce] CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch", trust: 0.8, url: "http://openvswitch.org/pipermail/announce/2016-march/000082.html", }, { title: "Bug 1318553", trust: 0.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { title: "RHSA-2016:0615", trust: 0.8, url: "https://access.redhat.com/errata/rhsa-2016:0615", }, { title: "CVE-2016-2074", trust: 0.8, url: "https://security-tracker.debian.org/tracker/cve-2016-2074", }, { title: "Debian Security Advisories: DSA-3533-1 openvswitch -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=315e4d420e18888a1f323d0bb1f6011f", }, { title: "Red Hat: CVE-2016-2074", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2016-2074", }, { title: "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=181b7d97210e9284f8fa51fda2290181", }, { title: "secure-vhost", trust: 0.1, url: "https://github.com/ictyangye/secure-vhost ", }, ], sources: [ { db: "VULMON", id: "CVE-2016-2074", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, ], }, 
problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-90893", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "NVD", id: "CVE-2016-2074", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1318553", }, { trust: 1.8, url: "https://security-tracker.debian.org/tracker/cve-2016-2074", }, { trust: 1.8, url: "http://openvswitch.org/pipermail/announce/2016-march/000082.html", }, { trust: 1.8, url: "http://openvswitch.org/pipermail/announce/2016-march/000083.html", }, { trust: 1.5, url: "https://support.citrix.com/article/ctx232655", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/85700", }, { trust: 1.3, url: "https://security.gentoo.org/glsa/201701-07", }, { trust: 1.3, url: "http://rhn.redhat.com/errata/rhsa-2016-0523.html", }, { trust: 1.3, url: "http://rhn.redhat.com/errata/rhsa-2016-0524.html", }, { trust: 1.3, url: "http://rhn.redhat.com/errata/rhsa-2016-0537.html", }, { trust: 1.3, url: "https://access.redhat.com/errata/rhsa-2016:0615", }, { trust: 1.2, url: "http://www.debian.org/security/2016/dsa-3533", }, { trust: 0.9, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2074", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2074", }, { trust: 0.6, url: "http://www.openwall.com/lists/oss-security/2016/03/29/1", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2074", }, { trust: 0.4, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.4, url: "https://bugzilla.redhat.com/):", }, { trust: 0.4, 
url: "https://access.redhat.com/security/team/key/", }, { trust: 0.4, url: "https://access.redhat.com/articles/11258", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2016-2074", }, { trust: 0.4, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.4, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.3, url: "http://openvswitch.org/", }, { trust: 0.3, url: "http://seclists.org/oss-sec/2016/q1/706", }, { trust: 0.3, url: "https://access.redhat.com/errata/rhsa-2016:0537", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/119.html", }, { trust: 0.1, url: "https://github.com/ictyangye/secure-vhost", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.debian.org/security/./dsa-3533", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, ], sources: [ { db: "VULHUB", id: "VHN-90893", }, { db: "VULMON", id: "CVE-2016-2074", }, { db: "BID", id: "85700", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136464", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, { db: "NVD", id: "CVE-2016-2074", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-90893", }, { db: "VULMON", id: "CVE-2016-2074", }, { db: "BID", id: "85700", }, { db: "JVNDB", id: "JVNDB-2016-003485", }, { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136464", }, 
{ db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, { db: "NVD", id: "CVE-2016-2074", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-03T00:00:00", db: "VULHUB", id: "VHN-90893", }, { date: "2016-07-03T00:00:00", db: "VULMON", id: "CVE-2016-2074", }, { date: "2016-03-28T00:00:00", db: "BID", id: "85700", }, { date: "2016-07-11T00:00:00", db: "JVNDB", id: "JVNDB-2016-003485", }, { date: "2017-01-02T16:48:46", db: "PACKETSTORM", id: "140320", }, { date: "2016-04-12T15:13:15", db: "PACKETSTORM", id: "136659", }, { date: "2016-03-30T15:10:59", db: "PACKETSTORM", id: "136470", }, { date: "2016-03-29T15:15:27", db: "PACKETSTORM", id: "136464", }, { date: "2016-03-30T15:10:48", db: "PACKETSTORM", id: "136469", }, { date: "2016-03-30T23:29:15", db: "PACKETSTORM", id: "136483", }, { date: "2016-07-03T21:59:10.837000", db: "NVD", id: "CVE-2016-2074", }, { date: "2016-03-29T00:00:00", db: "CNNVD", id: "CNNVD-201603-406", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-23T00:00:00", db: "VULHUB", id: "VHN-90893", }, { date: "2018-03-23T00:00:00", db: "VULMON", id: "CVE-2016-2074", }, { date: "2018-03-23T08:00:00", db: "BID", id: "85700", }, { date: "2016-09-05T00:00:00", db: "JVNDB", id: "JVNDB-2016-003485", }, { date: "2018-03-23T01:29:00.523000", db: "NVD", id: "CVE-2016-2074", }, { date: "2016-07-04T00:00:00", db: "CNNVD", id: "CNNVD-201603-406", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", 
id: "136470", }, { db: "PACKETSTORM", id: "136464", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, { db: "CNNVD", id: "CNNVD-201603-406", }, ], trust: 1.2, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Open vSwitch of ovs-vswitchd of lib/flow.c Vulnerable to buffer overflow", sources: [ { db: "JVNDB", id: "JVNDB-2016-003485", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "overflow, arbitrary", sources: [ { db: "PACKETSTORM", id: "140320", }, { db: "PACKETSTORM", id: "136659", }, { db: "PACKETSTORM", id: "136470", }, { db: "PACKETSTORM", id: "136464", }, { db: "PACKETSTORM", id: "136469", }, { db: "PACKETSTORM", id: "136483", }, ], trust: 0.6, }, }
var-201805-1189
Vulnerability from variot
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack. Spring Framework contains an input validation vulnerability. This may result in a service operation interruption (DoS). Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)
-
spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)
-
spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Fuse 7.2 security update
Advisory ID: RHSA-2018:3768-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768
Issue date: 2018-12-04
CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537
=====================================================================
1. Summary:
An update is now available for Red Hat Fuse.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description:
Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions.
Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently.
This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)
-
tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
-
ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018)
-
apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
-
xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)
-
undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
-
spring-data-commons: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)
-
kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss (CVE-2018-1288)
-
tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
-
camel-mail: path traversal vulnerability (CVE-2018-8041)
-
vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)
-
spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).
3. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag
1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers
1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint
1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability
5. References:
https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351
6. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1189", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openshift", scope: "eq", trust: 1.6, vendor: "redhat", version: null, }, { model: "enterprise manager ops center", scope: "eq", trust: 1, vendor: "oracle", version: "12.3.3", }, { model: "goldengate for big data", scope: "eq", trust: 1, vendor: "oracle", version: "12.3.2.1", }, { 
model: "hospitality guest access", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "2.0.0.0", }, { model: "primavera gateway", scope: "eq", trust: 1, vendor: "oracle", version: "17.12", }, { model: "agile product lifecycle management", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.4", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.3.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.1", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "communications performance intelligence center", scope: "lt", trust: 1, vendor: "oracle", version: "10.2.1", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.2", }, { model: "tape library acsls", scope: "eq", trust: 1, vendor: "oracle", version: "8.4", }, { model: "insurance calculation engine", scope: "eq", trust: 1, vendor: "oracle", version: "10.2.1", }, { model: "agile product lifecycle management", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.6", }, { model: "big data discovery", scope: "eq", trust: 1, vendor: "oracle", version: "1.6.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "10.3.6.0.0", }, { model: "communications services gatekeeper", scope: "lt", trust: 1, vendor: "oracle", version: "6.1.0.4.0", }, { model: "retail open commerce platform", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.1", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0.5.0", }, { model: "utilities network management system", scope: "eq", trust: 1, vendor: "oracle", version: "1.12.0.3", }, { model: "retail customer insights", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "application testing suite", 
scope: "eq", trust: 1, vendor: "oracle", version: "12.5.0.3", }, { model: "endeca information discovery integrator", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0", }, { model: "application testing suite", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.0.1", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "service architecture leveraging tuxedo", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.3.0.0", }, { model: "retail open commerce platform", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.0", }, { model: "communications converged application server", scope: "lt", trust: 1, vendor: "oracle", version: "7.0.0.1", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.2", }, { model: "application testing suite", scope: "eq", trust: 1, vendor: "oracle", version: "13.1.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 1, vendor: "oracle", version: "4.0", }, { model: "spring framework", scope: "lt", trust: 1, vendor: "vmware", version: "4.3.17", }, { model: "agile product lifecycle management", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.5", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.5", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.0.0.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "5.1", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "2.2.0.1", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.1.0", }, { model: "insurance rules 
palette", scope: "eq", trust: 1, vendor: "oracle", version: "11.0", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "goldengate for big data", scope: "eq", trust: 1, vendor: "oracle", version: "12.3.1.1", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "spring framework", scope: "lt", trust: 1, vendor: "vmware", version: "5.0.6", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.3.0.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "retail open commerce platform", scope: "eq", trust: 1, vendor: "oracle", version: "5.3.0", }, { model: "enterprise manager for mysql database", scope: "eq", trust: 1, vendor: "oracle", version: "13.2", }, { model: "service architecture leveraging tuxedo", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.2.0.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "11.1", }, { model: "primavera gateway", scope: "eq", trust: 1, vendor: "oracle", version: "15.2", }, { model: "primavera gateway", scope: "eq", trust: 1, vendor: "oracle", version: "16.2", }, { model: "healthcare master person index", scope: "eq", trust: 1, vendor: "oracle", version: "3.0", }, { model: "agile product lifecycle management", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.3", }, { model: "goldengate for big data", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 1, vendor: "oracle", version: "10.2", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.4", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "5.2", }, { model: "insurance calculation engine", scope: "eq", trust: 1, vendor: "oracle", 
version: "10.1.1", }, { model: "application testing suite", scope: "eq", trust: 1, vendor: "oracle", version: "13.3.0.1", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.3.0.0.0", }, { model: "communications diameter signaling router", scope: "lt", trust: 1, vendor: "oracle", version: "8.3", }, { model: "spring framework", scope: "gte", trust: 1, vendor: "vmware", version: "5.0.0", }, { model: "endeca information discovery integrator", scope: "eq", trust: 1, vendor: "oracle", version: "3.1.0", }, { model: "flexcube private banking", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0.0", }, { model: "hospitality guest access", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.1", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.0", }, { model: "retail customer insights", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "health sciences information manager", scope: "eq", trust: 1, vendor: "oracle", version: "3.0", }, { model: "spring framework", scope: "eq", trust: 0.8, vendor: "pivotal", version: "4.3.17", }, { model: "openshift", scope: null, trust: 0.8, vendor: "red hat", version: null, }, { model: "spring framework", scope: "lt", trust: 0.8, vendor: "pivotal", version: "4.3.x", }, { model: "spring framework", scope: "lt", trust: 0.8, vendor: "pivotal", version: "5.0.x", }, { model: "spring framework", scope: "eq", trust: 0.8, vendor: "pivotal", version: "5.0.6", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "4.3", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "5.0.1", }, { model: "spring framework", scope: "ne", trust: 0.3, vendor: "pivotal", version: "4.3.17", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: 
"5.0.4", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "5.0.2", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "5.0", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "5.0.3", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "4.3.15", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "4.3.14", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "5.0.5", }, { model: "spring framework", scope: "ne", trust: 0.3, vendor: "pivotal", version: "5.0.6", }, { model: "spring framework", scope: "eq", trust: 0.3, vendor: "pivotal", version: "4.3.16", }, ], sources: [ { db: "BID", id: "104260", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "NVD", id: "CVE-2018-1257", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.17", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.0.6", versionStartIncluding: "5.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.1.0.4.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", cpe_name: 
[], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-1257", }, ], }, credits: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.", sources: [ { db: "BID", id: "104260", }, ], trust: 0.3, }, cve: "CVE-2018-1257", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 4, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-1257", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: 
"NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "VHN-122542", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-1257", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-1257", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201805-405", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-122542", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-1257", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-122542", }, { db: "VULMON", id: "CVE-2018-1257", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "NVD", id: "CVE-2018-1257", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows 
applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nSpring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\n* spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259)\n\n* spring-security-oauth2: Remote Code Execution with spring-security-oauth2\n(CVE-2018-1260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n\n5. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat Fuse 7.2 security update\nAdvisory ID: RHSA-2018:3768-01\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3768\nIssue date: 2018-12-04\nCVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 \n CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 \n CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 \n CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat Fuse. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse enables integration experts, application developers, and\nbusiness users to collaborate and independently develop connected\nsolutions. \n\nFuse is part of an agile integration solution. Its distributed approach\nallows teams to deploy integrated services where required. The API-centric,\ncontainer-based architecture decouples services so they can be created,\nextended, and deployed independently. \n\nThis release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse\n7.1, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. 
\n\nSecurity Fix(es):\n\n* xmlrpc: Deserialization of untrusted Java object through\n<ex:serializable> tag (CVE-2016-5003)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* ignite: Improper deserialization allows for code execution via\nGridClientJdkMarshaller endpoint (CVE-2018-8018)\n\n* apache-cxf: TLS hostname verification does not work correctly with\ncom.sun.net.ssl.* (CVE-2018-8039)\n\n* xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n(CVE-2016-5002)\n\n* undertow: Client can use bogus uri in Digest authentication\n(CVE-2017-12196)\n\n* spring-data-commons: XXE with Spring Dataas XMLBeam integration\n(CVE-2018-1259)\n\n* kafka: Users can perform Broker actions via crafted fetch requests,\ninterfering with data replication and causing data lass (CVE-2018-1288)\n\n* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for\nall origins (CVE-2018-8014)\n\n* camel-mail: path traversal vulnerability (CVE-2018-8041)\n\n* vertx: Improper neutralization of CRLF sequences allows remote attackers\nto inject arbitrary HTTP response headers (CVE-2018-12537)\n\n* spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Eedo Shapira (GE Digital) for reporting\nCVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red\nHat). \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication\n1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD\n1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag\n1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging\n1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration\n1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins\n1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint\n1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass\n1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability\n\n5. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5002\nhttps://access.redhat.com/security/cve/CVE-2016-5003\nhttps://access.redhat.com/security/cve/CVE-2017-12196\nhttps://access.redhat.com/security/cve/CVE-2018-1257\nhttps://access.redhat.com/security/cve/CVE-2018-1259\nhttps://access.redhat.com/security/cve/CVE-2018-1288\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-8014\nhttps://access.redhat.com/security/cve/CVE-2018-8018\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-8041\nhttps://access.redhat.com/security/cve/CVE-2018-12537\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/\nhttps://access.redhat.com/articles/2939351\n\n6. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B\nRWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI\n87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF\nEa+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/\nBVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4\nahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H\nbcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S\nWlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf\ndbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9\n1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA\ne4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g\nUOgTm4iHIhQ=\n=RCpd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2018-1257", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "BID", id: "104260", }, { db: "VULHUB", id: "VHN-122542", }, { db: "VULMON", id: "CVE-2018-1257", }, { db: "PACKETSTORM", id: "148079", }, { db: "PACKETSTORM", id: "150645", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-1257", trust: 3.1, }, { db: "BID", id: "104260", trust: 2.1, }, { db: "JVNDB", id: "JVNDB-2018-005091", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201805-405", trust: 0.6, }, { db: "PACKETSTORM", id: "148079", trust: 0.2, }, { db: "VULHUB", id: "VHN-122542", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-1257", trust: 0.1, }, { db: "PACKETSTORM", id: "150645", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-122542", }, { db: "VULMON", id: "CVE-2018-1257", }, { db: "BID", id: "104260", }, 
{ db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "PACKETSTORM", id: "148079", }, { db: "PACKETSTORM", id: "150645", }, { db: "NVD", id: "CVE-2018-1257", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, id: "VAR-201805-1189", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-122542", }, ], trust: 0.01, }, last_update_date: "2023-12-18T11:14:21.447000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "CVE-2018-1257: ReDoS Attack with spring-messaging", trust: 0.8, url: "https://pivotal.io/security/cve-2018-1257", }, { title: "RHSA-2018:1809", trust: 0.8, url: "https://access.redhat.com/errata/rhsa-2018:1809", }, { title: "Pivotal Spring Framework Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80032", }, { title: "Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181809 - security advisory", }, { title: "Red Hat: CVE-2018-1257", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2018-1257", }, { title: "Red Hat: Important: Red Hat Fuse 7.2 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20183768 - security advisory", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2019", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2018", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385", }, { title: "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37", }, { title: "cybsec", trust: 0.1, url: "https://github.com/ilmari666/cybsec ", }, ], sources: [ { db: "VULMON", id: "CVE-2018-1257", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-20", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-122542", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "NVD", id: "CVE-2018-1257", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "http://www.securityfocus.com/bid/104260", }, { trust: 2.1, url: "https://pivotal.io/security/cve-2018-1257", }, { trust: 2, url: "https://access.redhat.com/errata/rhsa-2018:1809", }, { trust: 1.9, url: "https://access.redhat.com/errata/rhsa-2018:3768", }, { trust: 1.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { trust: 1.8, url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { trust: 1.8, url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { trust: 1.8, url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { trust: 1.8, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1.8, url: 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { trust: 1.8, url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1257", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/", }, { trust: 0.3, url: "http://pivotal.io/", }, { trust: 0.2, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2018-1259", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1259", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2018-1257", }, { trust: 0.2, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/ilmari666/cybsec", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=57884", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot&downloadtype=distributions&version=1.5.13", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1260", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1260", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8018", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5003", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2018-12537", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8014", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=distributions&version=7.2.0", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-8041", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1288", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5002", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1336", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5002", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5003", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-12196", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8039", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-8018", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-8039", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1288", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-12537", }, { trust: 0.1, url: "https://access.redhat.com/articles/2939351", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1336", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-8014", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8041", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-12196", }, ], sources: [ { db: "VULHUB", id: "VHN-122542", }, { db: "VULMON", id: "CVE-2018-1257", }, { db: "BID", id: "104260", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "PACKETSTORM", id: "148079", }, { db: "PACKETSTORM", id: "150645", }, { db: "NVD", id: "CVE-2018-1257", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, sources: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-122542", }, { db: "VULMON", id: "CVE-2018-1257", }, { db: "BID", id: "104260", }, { db: "JVNDB", id: "JVNDB-2018-005091", }, { db: "PACKETSTORM", id: "148079", }, { db: "PACKETSTORM", id: "150645", }, { db: "NVD", id: "CVE-2018-1257", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-11T00:00:00", db: "VULHUB", id: "VHN-122542", }, { date: "2018-05-11T00:00:00", db: "VULMON", id: "CVE-2018-1257", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104260", }, { date: "2018-07-05T00:00:00", db: "JVNDB", id: "JVNDB-2018-005091", }, { date: "2018-06-07T15:16:13", db: "PACKETSTORM", id: "148079", }, { date: "2018-12-06T02:15:34", db: "PACKETSTORM", id: "150645", }, { date: "2018-05-11T20:29:00.213000", db: "NVD", id: "CVE-2018-1257", }, { date: "2018-05-14T00:00:00", db: "CNNVD", id: "CNNVD-201805-405", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-08-24T00:00:00", db: "VULHUB", id: "VHN-122542", }, { date: "2022-06-23T00:00:00", db: "VULMON", id: "CVE-2018-1257", }, { date: "2018-05-09T00:00:00", db: "BID", id: "104260", }, { date: "2018-07-05T00:00:00", db: "JVNDB", id: "JVNDB-2018-005091", }, { date: "2022-06-23T16:31:30.630000", db: "NVD", id: "CVE-2018-1257", }, { date: "2021-10-21T00:00:00", db: "CNNVD", id: "CNNVD-201805-405", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201805-405", }, ], trust: 0.6, }, title: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Spring Framework Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-005091", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input Validation Error", sources: [ { db: "BID", id: "104260", }, { db: "CNNVD", id: "CNNVD-201805-405", }, ], trust: 0.9, }, }
var-202310-0175
Vulnerability from variot
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: dotnet6.0 security update
Advisory ID: RHSA-2023:5710-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5710
Issue date: 2023-10-16
Revision: 01
CVE Names: CVE-2023-44487
====================================================================
Summary:
An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5558-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 18, 2023 https://www.debian.org/security/faq
Package : netty
CVE ID : CVE-2023-34462 CVE-2023-44487
Debian Bug : 1038947 1054234
Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.
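CVE-2023-34462

It might be possible for a remote peer to send a client hello packet during a TLS handshake which leads the server to buffer up to 16 MB of data per connection. This could lead to an OutOfMemoryError and so result in a denial of service.

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.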
For the oldstable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in version 1:4.1.48-7+deb12u1.
We recommend that you upgrade your netty packages.
For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97 UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0 eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH 1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1 g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0 P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI= =4ExT -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "node maintenance operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "jboss core services", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { 
model: "go", scope: "gte", trust: 1, vendor: "golang", version: "1.21.0", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.19.1", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "crosswork zero touch provisioning", scope: "lt", trust: 1, vendor: "cisco", version: "6.0.0", }, { model: "big-ip policy enforcement manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "integration camel for spring boot", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "windows 10 1809", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.17763.4974", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "advanced cluster security", scope: "eq", trust: 1, vendor: "redhat", version: "4.0", }, { model: "expressway", scope: "lt", trust: 1, vendor: "cisco", version: "x14.3.3", }, { model: "ultra cloud core - policy control function", scope: "eq", trust: 1, vendor: "cisco", version: "2024.01.0", }, { model: "traffic server", scope: "gte", trust: 1, vendor: "apache", version: "9.0.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.6", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "11.0", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: 
"openshift container platform", scope: "eq", trust: 1, vendor: "redhat", version: "4.0", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "satellite", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "crosswork data gateway", scope: "lt", trust: 1, vendor: "cisco", version: "4.1.3", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "nx-os", scope: "lt", trust: 1, vendor: "cisco", version: "10.2\\(7\\)", }, { model: "nginx plus", scope: "gte", trust: 1, vendor: "f5", version: "r25", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "service interconnect", scope: "eq", trust: 1, vendor: "redhat", version: "1.0", }, { model: "fog director", scope: "lt", trust: 1, vendor: "cisco", version: "1.22", }, { model: "unified contact center domain manager", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "asp.net core", scope: "lt", trust: 1, vendor: "microsoft", version: "7.0.12", }, { model: "migration toolkit for applications", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip ddos hybrid defender", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "crosswork data gateway", scope: 
"eq", trust: 1, vendor: "cisco", version: "5.0", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "go", scope: "lt", trust: 1, vendor: "golang", version: "1.20.10", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: ".net", scope: "lt", trust: 1, vendor: "microsoft", version: "6.0.23", }, { model: "ultra cloud core - policy control function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.01.0", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "enterprise chat and email", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "8.5.93", }, { model: "proxygen", scope: "lt", trust: 1, vendor: "facebook", version: "2023.10.16.00", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "process automation", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application acceleration manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "build of optaplanner", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "jenkins", scope: "lte", trust: 1, vendor: "jenkins", version: "2.427", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.7.5", }, { model: "telepresence video communication server", scope: "lt", trust: 1, vendor: "cisco", version: "x14.3.3", }, { 
model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip ssl orchestrator", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "nginx plus", scope: "eq", trust: 1, vendor: "f5", version: "r30", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "node.js", scope: "lt", trust: 1, vendor: "nodejs", version: "20.8.1", }, { model: "big-ip carrier-grade nat", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "swiftnio http\\/2", scope: "lt", trust: 1, vendor: "apple", version: "1.28.0", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.13.0", }, { model: "caddy", scope: "lt", trust: 1, vendor: "caddyserver", version: "2.7.5", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "10.1.0", }, { model: "astra control center", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "fence agents remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "cert-manager operator for red hat openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "advanced cluster management for kubernetes", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip analytics", scope: "gte", trust: 
1, vendor: "f5", version: "14.1.0", }, { model: "solr", scope: "lt", trust: 1, vendor: "apache", version: "9.4.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "secure web appliance", scope: "lt", trust: 1, vendor: "cisco", version: "15.1.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "3scale api management platform", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "http", scope: "eq", trust: 1, vendor: "ietf", version: "2.0", }, { model: "openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip access policy manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "certification for red hat enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "migration toolkit for containers", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: ".net", scope: "lt", trust: 1, vendor: "microsoft", version: "7.0.12", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "visual studio 
2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.2.20", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "go", scope: "lt", trust: 1, vendor: "golang", version: "1.21.3", }, { model: "windows 11 21h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.22000.2538", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "9.4.53", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "jenkins", scope: "lte", trust: 1, vendor: "jenkins", version: "2.414.2", }, { model: "traffic server", scope: "lt", trust: 1, vendor: "apache", version: "8.1.9", }, { model: "tomcat", scope: "eq", trust: 1, vendor: "apache", version: "11.0.0", }, { model: "apisix", scope: "lt", trust: 1, vendor: "apache", version: "3.6.1", }, { model: "certification for red hat enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "9.0", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "jboss a-mq streams", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip domain name system", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "ios xr", scope: "lt", trust: 1, vendor: "cisco", version: "7.11.2", }, { model: "ultra cloud core - session management function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.02.0", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "varnish cache", scope: "lt", trust: 1, vendor: "varnish cache", version: "2023-10-10", }, { model: "single sign-on", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows 10 1607", scope: 
"lt", trust: 1, vendor: "microsoft", version: "10.0.14393.6351", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.14.1", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.25.9", }, { model: "jboss data grid", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "12.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "machine deletion remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.4", }, { model: "nginx plus", scope: "lt", trust: 1, vendor: "f5", version: "r29", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "grpc", scope: "lt", trust: 1, vendor: "grpc", version: "1.56.3", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "openresty", scope: "lt", trust: 1, vendor: "openresty", version: "1.21.4.3", }, { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "1.9.5", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "nginx plus", scope: "eq", trust: 1, vendor: "f5", version: "r29", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "38", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: 
"13.1.5", }, { model: "windows 10 21h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.19044.3570", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.17.6", }, { model: "advanced cluster security", scope: "eq", trust: 1, vendor: "redhat", version: "3.0", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "17.1", }, { model: "windows server 2022", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "big-ip analytics", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip advanced web application firewall", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "cbl-mariner", scope: "lt", trust: 1, vendor: "microsoft", version: "2023-10-11", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "traefik", scope: "lt", trust: 1, vendor: "traefik", version: "2.10.5", }, { model: "openshift data science", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip global traffic manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip link controller", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "node healthcheck operator", scope: "eq", 
trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "openshift gitops", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "data center network manager", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "openshift container platform assisted installer", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "ultra cloud core - serving gateway function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.02.0", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "12.0.2", }, { model: "opensearch data prepper", scope: "lt", trust: 1, vendor: "amazon", version: "2.5.0", }, { model: "prime network registrar", scope: "lt", trust: 1, vendor: "cisco", version: "11.2", }, { model: "nx-os", scope: "lt", trust: 1, vendor: "cisco", version: "10.3\\(5\\)", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.13.1", }, { model: "big-ip next service proxy for kubernetes", scope: "gte", trust: 1, vendor: "f5", version: "1.5.0", }, { model: "openshift serverless", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "http2", scope: "lt", trust: 1, vendor: "golang", version: "0.17.0", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "istio", scope: "gte", trust: 1, vendor: "istio", version: "1.18.0", }, { model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "oncommand insight", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "big-ip advanced 
firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "jboss fuse", scope: "eq", trust: 1, vendor: "redhat", version: "6.0.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "node.js", scope: "gte", trust: 1, vendor: "nodejs", version: "18.0.0", }, { model: "traefik", scope: "eq", trust: 1, vendor: "traefik", version: "3.0.0", }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "windows 10 22h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.19045.3570", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "http server", scope: "lt", trust: 1, vendor: "akka", version: "10.5.3", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "ansible automation platform", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.24.10", }, { model: "http2", scope: "lt", trust: 1, vendor: "kazu yamamoto", version: "4.2.2", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "cryostat", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "openshift distributed tracing", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "unified contact center management portal", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "kong 
gateway", scope: "lt", trust: 1, vendor: "konghq", version: "3.4.2", }, { model: "istio", scope: "gte", trust: 1, vendor: "istio", version: "1.19.0", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "8.5.0", }, { model: "support for spring boot", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "jboss fuse", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows server 2016", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "grpc", scope: "gte", trust: 1, vendor: "grpc", version: "1.58.0", }, { model: "build of quarkus", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "logging subsystem for red hat openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "11.0.17", }, { model: 
"big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "cost management", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "traffic server", scope: "gte", trust: 1, vendor: "apache", version: "8.0.0", }, { model: "service telemetry framework", scope: "eq", trust: 1, vendor: "redhat", version: "1.5", }, { model: "big-ip advanced firewall manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.6.8", }, { model: "secure malware analytics", scope: "lt", trust: 1, vendor: "cisco", version: "2.19.2", }, { model: "quay", scope: "eq", trust: 1, vendor: "redhat", version: "3.0.0", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.14.0", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows 11 22h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.22621.2428", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "decision manager", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "grpc", scope: "lte", trust: 1, vendor: "grpc", version: "1.59.2", }, { model: "nghttp2", scope: "lt", trust: 1, vendor: "nghttp2", version: "1.57.0", }, { model: "openshift service mesh", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "grpc", scope: "lt", trust: 1, vendor: "grpc", version: "1.58.3", }, { model: 
"openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "16.2", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "prime cable provisioning", scope: "lt", trust: 1, vendor: "cisco", version: "7.2.1", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.0", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "9.0.0", }, { model: "openshift virtualization", scope: "eq", trust: 1, vendor: "redhat", version: "4", }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "openshift secondary scheduler operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "jboss enterprise application platform", scope: "eq", trust: 1, vendor: "redhat", version: "6.0.0", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application visibility and reporting", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "linkerd", scope: "gte", trust: 1, vendor: "linkerd", version: "2.12.0", }, { model: "openshift api for data protection", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "node.js", scope: "lt", trust: 1, vendor: "nodejs", version: "18.18.2", }, { model: 
"jboss a-mq", scope: "eq", trust: 1, vendor: "redhat", version: "7", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "37", }, { model: "prime access registrar", scope: "lt", trust: 1, vendor: "cisco", version: "9.3.3", }, { model: "unified contact center enterprise - live data server", scope: "lt", trust: 1, vendor: "cisco", version: "12.6.2", }, { model: "networking", scope: "lt", trust: 1, vendor: "golang", version: "0.17.0", }, { model: "armeria", scope: "lt", trust: 1, vendor: "linecorp", version: "1.26.0", }, { model: "big-ip websafe", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip next", scope: "eq", trust: 1, vendor: "f5", version: "20.0.1", }, { model: "ios xe", scope: "lt", trust: 1, vendor: "cisco", version: "17.15.1", }, { model: "nx-os", scope: "gte", trust: 1, vendor: "cisco", version: "10.3\\(1\\)", }, { model: "openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "16.1", }, { model: "grpc", scope: "eq", trust: 1, vendor: "grpc", version: "1.57.0", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "openshift dev spaces", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "12.0.0", }, { model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "prime infrastructure", scope: "lt", trust: 1, vendor: "cisco", version: "3.10.4", }, { model: "h2o", scope: "lt", trust: 1, vendor: "dena", version: "2023-10-10", }, { model: "nginx ingress controller", scope: "gte", trust: 1, vendor: "f5", version: 
"3.0.0", }, { model: "openshift pipelines", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip local traffic manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "10.0.0", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip fraud protection service", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "jboss enterprise application platform", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "unified contact center enterprise", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.18.3", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "secure dynamic attributes connector", scope: "lt", trust: 1, vendor: "cisco", version: "2.2.0", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "ceph storage", scope: "eq", trust: 1, vendor: "redhat", version: "5.0", }, { model: "run once duration override operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "integration camel k", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.7", }, { model: "big-ip carrier-grade nat", scope: "gte", 
trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.27.0", }, { model: "nginx ingress controller", scope: "lte", trust: 1, vendor: "f5", version: "2.4.2", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "integration service registry", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "firepower threat defense", scope: "lt", trust: 1, vendor: "cisco", version: "7.4.2", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "node.js", scope: "gte", trust: 1, vendor: "nodejs", version: "20.0.0", }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "9.0.80", }, { model: "iot field network director", scope: "lt", trust: 1, vendor: "cisco", version: "4.11.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "asp.net core", scope: "gte", trust: 1, vendor: "microsoft", version: "6.0.0", }, { model: "migration toolkit for virtualization", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: ".net", scope: "gte", trust: 1, vendor: "microsoft", version: "6.0.0", }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "11.0.0", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "unified attendant console advanced", 
scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "web terminal", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "traffic server", scope: "lt", trust: 1, vendor: "apache", version: "9.2.3", }, { model: "windows server 2019", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "linkerd", scope: "lte", trust: 1, vendor: "linkerd", version: "2.12.5", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "10.0.17", }, { model: "network observability operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.4.12", }, { model: "azure kubernetes service", scope: "lt", trust: 1, vendor: "microsoft", version: "2023-10-08", }, { model: "openshift sandboxed containers", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip webaccelerator", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "10.1.13", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip application security manager", scope: "eq", trust: 1, vendor: "f5", version: 
"17.1.0", }, { model: "big-ip next service proxy for kubernetes", scope: "lte", trust: 1, vendor: "f5", version: "1.8.2", }, { model: "asp.net core", scope: "gte", trust: 1, vendor: "microsoft", version: "7.0.0", }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "nginx ingress controller", scope: "gte", trust: 1, vendor: "f5", version: "2.0.0", }, { model: "asp.net core", scope: "lt", trust: 1, vendor: "microsoft", version: "6.0.23", }, { model: "openshift developer tools and services", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "connected mobile experiences", scope: "lt", trust: 1, vendor: "cisco", version: "11.1", }, { model: "nginx ingress controller", scope: "lte", trust: 1, vendor: "f5", version: "3.3.0", }, { model: ".net", scope: "gte", trust: 1, vendor: "microsoft", version: "7.0.0", }, { model: "contour", scope: "lt", trust: 1, vendor: "projectcontour", version: "2023-10-11", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "self node remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "9.0", }, { model: "nginx", scope: "lte", trust: 1, vendor: "f5", version: "1.25.2", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.26.4", }, { model: "netty", scope: "lt", trust: 1, vendor: "netty", version: "4.1.100", }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, 
nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.57.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.1.100", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.0.2", versionStartIncluding: "12.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.0.17", versionStartIncluding: "11.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.17", versionStartIncluding: "10.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.4.53", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "0.17.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.21.3", versionStartIncluding: "1.21.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.20.10", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "0.17.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", 
versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", 
cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", 
versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", 
cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "r29", versionStartIncluding: "r25", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.8.2", versionStartIncluding: "1.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.25.2", versionStartIncluding: "1.9.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.4.2", versionStartIncluding: "2.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", cpe_name: [], 
versionEndIncluding: "3.3.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.80", versionStartIncluding: "9.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.5.93", versionStartIncluding: "8.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.1.13", versionStartIncluding: "10.1.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*", cpe_name: [], versionEndExcluding: "1.28.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "1.58.3", versionStartIncluding: "1.58.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "1.56.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", cpe_name: [], versionEndIncluding: "1.59.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.19045.3570", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.17763.4974", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.22000.2538", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.22621.2428", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", cpe_name: [], versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", cpe_name: [], versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.19044.3570", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.7.5", versionStartIncluding: "17.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.6.8", versionStartIncluding: "17.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.4.12", versionStartIncluding: "17.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.2.20", versionStartIncluding: "17.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-08", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "18.18.2", versionStartIncluding: "18.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "20.8.1", versionStartIncluding: "20.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-10", vulnerable: true, 
}, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023.10.16.00", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.2.3", versionStartIncluding: "9.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.1.9", versionStartIncluding: "8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.6.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.2.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.19.1", versionStartIncluding: "1.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.18.3", versionStartIncluding: "1.18.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.17.6", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", 
cpe_name: [], versionEndExcluding: "2023-10-10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.10.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*", cpe_name: [], versionEndExcluding: "2023-10-11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*", cpe_name: [], versionEndIncluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.26.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { 
cpe23Uri: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*", cpe_name: [], versionEndExcluding: "3.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", cpe_name: [], versionEndIncluding: "2.427", vulnerable: true, }, { 
cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "2.414.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.4.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.21.4.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.10.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.19.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.4.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.22", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.15.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.11.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.1.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "x14.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "x14.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.6.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.02.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.02.0", 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.01.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "15.1.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { 
cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "175376", }, ], trust: 0.6, }, cve: "CVE-2023-44487", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-44487", trust: 1, value: "HIGH", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. \n\n\n\n\nDescription:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. 
\n\nThe following data is constructed from data provided by Red Hat's json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: dotnet6.0 security update\nAdvisory ID: RHSA-2023:5710-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:5710\nIssue date: 2023-10-16\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nAn update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. 
\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. 
(CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5558-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 18, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : netty\nCVE ID : CVE-2023-34462 CVE-2023-44487\nDebian Bug : 1038947 1054234\n\nTwo security vulnerabilities have been discovered in Netty, a Java NIO\nclient/server socket framework. \n\nCVE-2023-34462\n\n It might be possible for a remote peer to send a client hello packet during\n a TLS handshake which lead the server to buffer up to 16 MB of data per\n connection. 
This could lead to a OutOfMemoryError and so result in a denial\n of service. \n\nCVE-2023-44487\n\n This problem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:4.1.48-4+deb11u2. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 1:4.1.48-7+deb12u1. \n\nWe recommend that you upgrade your netty packages. \n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97\nUNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0\neamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH\n1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB\neAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g\nSUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza\nDa8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1\ng6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom\nrrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0\nP3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg\nO6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=\n=4ExT\n-----END PGP SIGNATURE-----\n. 
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience", sources: [ { db: "NVD", id: "CVE-2023-44487", }, { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44487", trust: 1.9, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/18/8", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/10/6", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/19/6", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/18/4", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/13/4", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/13/9", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/20/8", trust: 1, }, { db: "PACKETSTORM", id: "175239", trust: 0.1, }, { db: "PACKETSTORM", id: "175234", trust: 0.1, }, { db: "PACKETSTORM", id: "175230", trust: 0.1, }, { db: "PACKETSTORM", id: "175126", trust: 0.1, }, { db: "PACKETSTORM", id: "175160", trust: 0.1, }, { db: "PACKETSTORM", id: "178284", trust: 0.1, }, { db: "PACKETSTORM", id: "175875", trust: 0.1, }, { db: "PACKETSTORM", id: "175807", trust: 0.1, }, { db: "PACKETSTORM", id: "175376", trust: 0.1, }, ], sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: 
"PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, id: "VAR-202310-0175", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.465728264, }, last_update_date: "2024-07-23T21:36:24.758000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-400", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { trust: 1, url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { trust: 1, url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { trust: 1, url: "https://aws.amazon.com/security/security-bulletins/aws-2023-011/", }, { trust: 1, url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { 
trust: 1, url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { trust: 1, url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { trust: 1, url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { trust: 1, url: "https://blog.vespa.ai/cve-2023-44487/", }, { trust: 1, url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { trust: 1, url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { trust: 1, url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { trust: 1, url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { trust: 1, url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { trust: 1, url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { trust: 1, url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { trust: 1, url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { trust: 1, url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { trust: 1, url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { trust: 1, url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { trust: 1, url: "https://github.com/azure/aks/issues/3947", }, { trust: 1, url: "https://github.com/kong/kong/discussions/11741", }, { trust: 1, url: "https://github.com/advisories/ghsa-qppj-fm5r-hxr3", }, { trust: 1, url: "https://github.com/advisories/ghsa-vx74-f528-fxqg", }, { trust: 1, url: "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p", }, { trust: 1, url: 
"https://github.com/akka/akka-http/issues/4323", }, { trust: 1, url: "https://github.com/alibaba/tengine/issues/1872", }, { trust: 1, url: "https://github.com/apache/apisix/issues/10320", }, { trust: 1, url: "https://github.com/apache/httpd-site/pull/10", }, { trust: 1, url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113", }, { trust: 1, url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { trust: 1, url: "https://github.com/apache/trafficserver/pull/10564", }, { trust: 1, url: "https://github.com/arkrwn/poc/tree/main/cve-2023-44487", }, { trust: 1, url: "https://github.com/bcdannyboy/cve-2023-44487", }, { trust: 1, url: "https://github.com/caddyserver/caddy/issues/5877", }, { trust: 1, url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { trust: 1, url: "https://github.com/dotnet/announcements/issues/277", }, { trust: 1, url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73", }, { trust: 1, url: "https://github.com/eclipse/jetty.project/issues/10679", }, { trust: 1, url: "https://github.com/envoyproxy/envoy/pull/30055", }, { trust: 1, url: "https://github.com/etcd-io/etcd/issues/16740", }, { trust: 1, url: "https://github.com/facebook/proxygen/pull/466", }, { trust: 1, url: "https://github.com/golang/go/issues/63417", }, { trust: 1, url: "https://github.com/grpc/grpc-go/pull/6703", }, { trust: 1, url: "https://github.com/h2o/h2o/pull/3291", }, { trust: 1, url: "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf", }, { trust: 1, url: "https://github.com/haproxy/haproxy/issues/2312", }, { trust: 1, url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244", }, { trust: 1, url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { trust: 1, url: 
"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { trust: 1, url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { trust: 1, url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { trust: 1, url: "https://github.com/line/armeria/pull/5232", }, { trust: 1, url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { trust: 1, url: "https://github.com/micrictor/http2-rst-stream", }, { trust: 1, url: "https://github.com/microsoft/cbl-mariner/pull/6381", }, { trust: 1, url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { trust: 1, url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { trust: 1, url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { trust: 1, url: "https://github.com/ninenines/cowboy/issues/1615", }, { trust: 1, url: "https://github.com/nodejs/node/pull/50121", }, { trust: 1, url: "https://github.com/openresty/openresty/issues/930", }, { trust: 1, url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { trust: 1, url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { trust: 1, url: "https://github.com/projectcontour/contour/pull/5826", }, { trust: 1, url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { trust: 1, url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { trust: 1, url: "https://groups.google.com/g/golang-announce/c/innxdtcjzvo", }, { trust: 1, url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { trust: 1, url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { trust: 1, url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { trust: 1, url: 
"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/", }, { trust: 1, url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/", }, { trust: 1, url: "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html", }, { trust: 1, url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html", }, { trust: 1, url: 
"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { trust: 1, url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { trust: 1, url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487", }, { trust: 1, url: "https://my.f5.com/manage/s/article/k000137106", }, { trust: 1, url: "https://netty.io/news/2023/10/10/4-1-100-final.html", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37830987", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37830998", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37831062", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37837043", }, { trust: 1, url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { trust: 1, url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { trust: 1, url: "https://security.gentoo.org/glsa/202311-09", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { trust: 1, url: "https://security.paloaltonetworks.com/cve-2023-44487", }, { trust: 1, url: "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14", }, { trust: 1, url: "https://ubuntu.com/security/cve-2023-44487", }, { trust: 1, url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { trust: 1, url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { trust: 1, url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { trust: 1, url: 
"https://www.debian.org/security/2023/dsa-5521", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5522", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5540", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5549", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5558", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5570", }, { trust: 1, url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { trust: 1, url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { trust: 1, url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { trust: 1, url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { trust: 1, url: "https://www.phoronix.com/news/http2-rapid-reset-attack", }, { trust: 1, url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44487", }, { trust: 0.6, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.5, url: "https://access.redhat.com/articles/11258", }, { trust: 0.5, url: "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5945.json", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.10.4", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5945", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5928.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5928", }, { trust: 0.1, url: 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5922", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5766", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5710", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-6754-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9513", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9511", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2024-28182", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.2", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.1", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-6505-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.52.0-1ubuntu0.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.1", }, { trust: 0.1, url: 
"https://nvd.nist.gov/vuln/detail/cve-2023-34462", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/netty", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:6105", }, ], sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-20T14:34:30", db: "PACKETSTORM", id: "175239", }, { date: "2023-10-20T14:33:16", db: "PACKETSTORM", id: "175234", }, { date: "2023-10-20T14:32:33", db: "PACKETSTORM", id: "175230", }, { date: "2023-10-17T15:39:55", db: "PACKETSTORM", id: "175126", }, { date: "2023-10-18T16:23:08", db: "PACKETSTORM", id: "175160", }, { date: "2024-04-26T15:13:40", db: "PACKETSTORM", id: "178284", }, { date: "2023-11-22T16:28:02", db: "PACKETSTORM", id: "175875", }, { date: "2023-11-20T16:25:51", db: 
"PACKETSTORM", id: "175807", }, { date: "2023-10-27T12:55:12", db: "PACKETSTORM", id: "175376", }, { date: "2023-10-10T14:15:10.883000", db: "NVD", id: "CVE-2023-44487", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-06-27T18:34:22.110000", db: "NVD", id: "CVE-2023-44487", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, ], trust: 0.2, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat Security Advisory 2023-5945-01", sources: [ { db: "PACKETSTORM", id: "175239", }, ], trust: 0.1, }, }
var-201606-0115
Vulnerability from variot
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may be able to access API credentials in the web browser localStorage via an access_token. Red Hat OpenShift is a platform-as-a-service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source private cloud version. Red Hat OpenShift Enterprise is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain intended security restrictions and perform unauthorized actions, which may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Enterprise 3.2 security update Advisory ID: RHSA-2016:1094-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2016:1094 Issue date: 2016-05-19 CVE Names: CVE-2016-3703 CVE-2016-3708 CVE-2016-3738 =====================================================================
- In addition, all images have been rebuilt on the new RHEL 7.2.4 base image.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Security Fix(es):
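- A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges. (CVE-2016-3703)

[Note: text appears to have been dropped from this copy of the advisory at this point. The bug list further down ties Docker socket access via the build pod to CVE-2016-3738, and ties CVE-2016-3703 to untrusted content loaded via the API proxy accessing web console credentials, which matches the entry description above. Check the advisory URL for the per-CVE wording before triaging.]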
- A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment, the container being built can access network resources on pods that should not be available to it.
This update includes the following images:
openshift3/ose:v3.2.0.44-2 openshift3/ose-deployer:v3.2.0.44-2 openshift3/ose-docker-builder:v3.2.0.44-2 openshift3/ose-docker-registry:v3.2.0.44-2 openshift3/ose-f5-router:v3.2.0.44-2 openshift3/ose-haproxy-router:v3.2.0.44-2 openshift3/ose-keepalived-ipfailover:v3.2.0.44-2 openshift3/ose-pod:v3.2.0.44-2 openshift3/ose-recycler:v3.2.0.44-2 openshift3/ose-sti-builder:v3.2.0.44-2 openshift3/jenkins-1-rhel7:1.642-32 openshift3/logging-auth-proxy:3.2.0-4 openshift3/logging-deployment:3.2.0-9 openshift3/logging-elasticsearch:3.2.0-8 openshift3/logging-fluentd:3.2.0-8 openshift3/logging-kibana:3.2.0-4 openshift3/metrics-deployer:3.2.0-6 openshift3/metrics-heapster:3.2.0-6 openshift3/mongodb-24-rhel7:2.4-28 openshift3/mysql-55-rhel7:5.5-26 openshift3/nodejs-010-rhel7:0.10-35 openshift3/node:v3.2.0.44-2 openshift3/openvswitch:v3.2.0.44-2 openshift3/perl-516-rhel7:5.16-38 openshift3/php-55-rhel7:5.5-35 openshift3/postgresql-92-rhel7:9.2-25 openshift3/python-33-rhel7:3.3-35 openshift3/ruby-20-rhel7:2.0-35
aep3_beta/aep:v3.2.0.44-2 aep3_beta/aep-deployer:v3.2.0.44-2 aep3_beta/aep-docker-registry:v3.2.0.44-2 aep3_beta/aep-f5-router:v3.2.0.44-2 aep3_beta/aep-haproxy-router:v3.2.0.44-2 aep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2 aep3_beta/aep-pod:v3.2.0.44-2 aep3_beta/aep-recycler:v3.2.0.44-2 aep3_beta/logging-auth-proxy:3.2.0-4 aep3_beta/logging-deployment:3.2.0-9 aep3_beta/logging-elasticsearch:3.2.0-8 aep3_beta/logging-fluentd:3.2.0-8 aep3_beta/logging-kibana:3.2.0-4 aep3_beta/metrics-deployer:3.2.0-6 aep3_beta/metrics-heapster:3.2.0-6 aep3_beta/node:v3.2.0.44-2 aep3_beta/openvswitch:v3.2.0.44-2
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig
1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node
1324996 - JSON message fields are getting overwritten
1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing
1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
1330364 - Should update the role name in the prompt on the web console
1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds
1333168 - Node.js images crash with DEV_MODE=true
1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
References:
https://access.redhat.com/security/cve/CVE-2016-3703 https://access.redhat.com/security/cve/CVE-2016-3708 https://access.redhat.com/security/cve/CVE-2016-3738 https://access.redhat.com/security/updates/classification/#important
- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXPkiKXlSAg2UNWIIRAsa4AKDBVV9n5rX0BrQhspq/Kd1wNoTr8wCguVmp 9WTmxUn/XuRDJFzqxtZpCVI= =n+fK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0115", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openshift", scope: "eq", trust: 1.6, vendor: "redhat", version: "3.2", }, { model: "openshift", scope: "eq", trust: 1.6, vendor: "redhat", version: "3.1", }, { model: "openshift", scope: "eq", trust: 0.8, vendor: "red hat", version: "enterprise 3.1", }, { model: "openshift", 
scope: "eq", trust: 0.8, vendor: "red hat", version: "enterprise 3.2", }, { model: "hat openshift enterprise x86 64", scope: "eq", trust: 0.6, vendor: "red", version: "3.2", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "NVD", id: "CVE-2016-3703", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-3703", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Jordan Liggitt (Red Hat)", sources: [ { db: "BID", id: "90817", }, ], trust: 0.3, }, cve: "CVE-2016-3703", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", 
accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.8, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 3.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2016-3703", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2016-03447", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.6, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "High", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2016-3703", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, 
userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-3703", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2016-03447", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201605-556", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "NVD", id: "CVE-2016-3703", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control (inappropriate access control). http://cwe.mitre.org/data/definitions/284.html A third party may be able to access API credentials in the web browser localStorage via an access_token. Red Hat OpenShift is a platform-as-a-service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source private cloud version. Red Hat OpenShift Enterprise is prone to a security-bypass vulnerability. \nSuccessful exploits may allow attackers to bypass certain intended security restrictions and perform unauthorized actions, which may aid in launching further attacks. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat OpenShift Enterprise 3.2 security update\nAdvisory ID: RHSA-2016:1094-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1094\nIssue date: 2016-05-19\nCVE Names: CVE-2016-3703 CVE-2016-3708 CVE-2016-3738 \n=====================================================================\n\n1. In addition, all images have been rebuilt\non the new RHEL 7.2.4 base image. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. \n\nSecurity Fix(es):\n\n* A vulnerability was found in the STI build process in OpenShift\nEnterprise. Access to STI builds was not properly restricted, allowing an\nattacker to use STI builds to access the Docker socket and escalate their\nprivileges. (CVE-2016-3703)\n\n* A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled\nand a build is run within a namespace that would normally be isolated from\npods in other namespaces. If an s2i build is run in such an environment the\ncontainer being built can access network resources on pods that should not\nbe available to it. 
\n\nThis update includes the following images:\n\nopenshift3/ose:v3.2.0.44-2\nopenshift3/ose-deployer:v3.2.0.44-2\nopenshift3/ose-docker-builder:v3.2.0.44-2\nopenshift3/ose-docker-registry:v3.2.0.44-2\nopenshift3/ose-f5-router:v3.2.0.44-2\nopenshift3/ose-haproxy-router:v3.2.0.44-2\nopenshift3/ose-keepalived-ipfailover:v3.2.0.44-2\nopenshift3/ose-pod:v3.2.0.44-2\nopenshift3/ose-recycler:v3.2.0.44-2\nopenshift3/ose-sti-builder:v3.2.0.44-2\nopenshift3/jenkins-1-rhel7:1.642-32\nopenshift3/logging-auth-proxy:3.2.0-4\nopenshift3/logging-deployment:3.2.0-9\nopenshift3/logging-elasticsearch:3.2.0-8\nopenshift3/logging-fluentd:3.2.0-8\nopenshift3/logging-kibana:3.2.0-4\nopenshift3/metrics-deployer:3.2.0-6\nopenshift3/metrics-heapster:3.2.0-6\nopenshift3/mongodb-24-rhel7:2.4-28\nopenshift3/mysql-55-rhel7:5.5-26\nopenshift3/nodejs-010-rhel7:0.10-35\nopenshift3/node:v3.2.0.44-2\nopenshift3/openvswitch:v3.2.0.44-2\nopenshift3/perl-516-rhel7:5.16-38\nopenshift3/php-55-rhel7:5.5-35\nopenshift3/postgresql-92-rhel7:9.2-25\nopenshift3/python-33-rhel7:3.3-35\nopenshift3/ruby-20-rhel7:2.0-35\n\naep3_beta/aep:v3.2.0.44-2\naep3_beta/aep-deployer:v3.2.0.44-2\naep3_beta/aep-docker-registry:v3.2.0.44-2\naep3_beta/aep-f5-router:v3.2.0.44-2\naep3_beta/aep-haproxy-router:v3.2.0.44-2\naep3_beta/aep-keepalived-ipfailover:v3.2.0.44-2\naep3_beta/aep-pod:v3.2.0.44-2\naep3_beta/aep-recycler:v3.2.0.44-2\naep3_beta/logging-auth-proxy:3.2.0-4\naep3_beta/logging-deployment:3.2.0-9\naep3_beta/logging-elasticsearch:3.2.0-8\naep3_beta/logging-fluentd:3.2.0-8\naep3_beta/logging-kibana:3.2.0-4\naep3_beta/metrics-deployer:3.2.0-6\naep3_beta/metrics-heapster:3.2.0-6\naep3_beta/node:v3.2.0.44-2\naep3_beta/openvswitch:v3.2.0.44-2\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1306011 - Deployer pods incorrectly using the host entry from openshiftLoopbackKubeconfig\n1318974 - Creating pods on OSE with awsElasticBlockStore only assigns devices /dev/xvdb - /dev/xvdp to openshift node\n1324996 - JSON message fields are getting overwritten\n1329044 - console.dev-preview-int.openshift.com setting of memory limit confusing\n1330233 - CVE-2016-3703 OpenShift Enterprise 3: Untrusted content loaded via the API proxy can access web console credentials on the same domain\n1330364 - Should update the role name in the prompt on the web console\n1331229 - CVE-2016-3708 OpenShiftEnterprise 3: s2i builds implicitly perform docker builds\n1333168 - Node.js images crash with DEV_MODE=true\n1333461 - CVE-2016-3738 origin: pod update allows docker socket access via build-pod\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-3703\nhttps://access.redhat.com/security/cve/CVE-2016-3708\nhttps://access.redhat.com/security/cve/CVE-2016-3738\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXPkiKXlSAg2UNWIIRAsa4AKDBVV9n5rX0BrQhspq/Kd1wNoTr8wCguVmp\n9WTmxUn/XuRDJFzqxtZpCVI=\n=n+fK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2016-3703", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "CNVD", id: "CNVD-2016-03447", }, { db: "BID", id: "90817", }, { db: "PACKETSTORM", id: "137133", }, { db: "PACKETSTORM", id: "137134", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-3703", trust: 3.5, }, { db: "JVNDB", id: "JVNDB-2016-003070", trust: 0.8, }, { db: "CNVD", id: "CNVD-2016-03447", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201605-556", trust: 0.6, }, { db: "BID", id: "90817", trust: 0.3, }, { db: "PACKETSTORM", id: "137133", trust: 0.1, }, { db: "PACKETSTORM", id: "137134", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "BID", id: "90817", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "PACKETSTORM", id: "137133", }, { db: "PACKETSTORM", id: "137134", }, { db: "NVD", id: "CVE-2016-3703", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, id: "VAR-201606-0115", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 
0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, ], }, last_update_date: "2023-12-18T12:30:01.414000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "RHSA-2016:1094", trust: 0.8, url: "https://access.redhat.com/errata/rhsa-2016:1094", }, { title: "RHSA-2016:1095", trust: 0.8, url: "https://access.redhat.com/errata/rhsa-2016:1095", }, { title: "Patch for Red Hat OpenShift Enterprise certificate acquisition vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/76307", }, { title: "Red Hat OpenShift Enterprise Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61870", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-284", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "NVD", id: "CVE-2016-3703", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://access.redhat.com/errata/rhsa-2016:1095", }, { trust: 1.7, url: "https://access.redhat.com/errata/rhsa-2016:1094", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3703", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3703", }, { trust: 0.8, url: "https://access.redhat.com/security/cve/cve-2016-3703", }, { 
trust: 0.6, url: "https://access.redhat.com/errata/rhsa-2016", }, { trust: 0.6, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1330233", }, { trust: 0.2, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3703", }, { trust: 0.2, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.2, url: "https://access.redhat.com/articles/11258", }, { trust: 0.2, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-3708", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3708", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-3738", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3738", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#important", }, ], sources: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "PACKETSTORM", id: "137133", }, { db: "PACKETSTORM", id: "137134", }, { db: "NVD", id: "CVE-2016-3703", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2016-03447", }, { db: "BID", id: "90817", }, { db: "JVNDB", id: "JVNDB-2016-003070", }, { db: "PACKETSTORM", id: "137133", }, { db: "PACKETSTORM", id: "137134", }, { db: "NVD", id: "CVE-2016-3703", }, { db: "CNNVD", id: "CNNVD-201605-556", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-05-24T00:00:00", db: "CNVD", id: "CNVD-2016-03447", }, { date: "2016-05-19T00:00:00", db: "BID", id: "90817", }, { date: 
"2016-06-10T00:00:00", db: "JVNDB", id: "JVNDB-2016-003070", }, { date: "2016-05-20T22:49:22", db: "PACKETSTORM", id: "137133", }, { date: "2016-05-20T22:49:30", db: "PACKETSTORM", id: "137134", }, { date: "2016-06-08T17:59:04.703000", db: "NVD", id: "CVE-2016-3703", }, { date: "2016-05-20T00:00:00", db: "CNNVD", id: "CNNVD-201605-556", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-05-24T00:00:00", db: "CNVD", id: "CNVD-2016-03447", }, { date: "2016-05-19T00:00:00", db: "BID", id: "90817", }, { date: "2016-06-10T00:00:00", db: "JVNDB", id: "JVNDB-2016-003070", }, { date: "2023-02-12T23:18:27.953000", db: "NVD", id: "CVE-2016-3703", }, { date: "2023-04-04T00:00:00", db: "CNNVD", id: "CNNVD-201605-556", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201605-556", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat OpenShift Enterprise In Web Browser localStorage of API Credential access vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2016-003070", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-201605-556", }, ], trust: 0.6, }, }
var-201909-0069
Vulnerability from variot
On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets, such as SSL private keys and private key passphrases, that were provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker who can read these log files could exploit this vulnerability to retrieve this information.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0069", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "container ingress service", scope: "eq", trust: 1, vendor: "f5", version: "1.9.0", }, { model: "container ingress services", scope: "eq", trust: 0.8, vendor: "f5", version: "1.9.0", }, { model: 
"openshift", scope: null, trust: 0.8, vendor: "red hat", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-6648", }, ], }, cve: "CVE-2019-6648", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.4, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { 
acInsufInfo: null, accessComplexity: "Medium", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 1.9, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-6648", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.9, userInteractionRequired: null, vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.4, id: "VHN-158083", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:M/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 0.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "None", baseScore: 4.4, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-6648", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-6648", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201908-668", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-158083", trust: 0.1, value: "LOW", }, { author: "VULMON", id: "CVE-2019-6648", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", 
id: "VHN-158083", }, { db: "VULMON", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, { db: "CNNVD", id: "CNNVD-201908-668", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information", sources: [ { db: "NVD", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "VULHUB", id: "VHN-158083", }, { db: "VULMON", id: "CVE-2019-6648", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-6648", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2019-008869", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201908-668", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2019.3055", trust: 0.6, }, { db: "VULHUB", id: "VHN-158083", trust: 0.1, }, { db: "VULMON", id: "CVE-2019-6648", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-158083", }, { db: "VULMON", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, { db: "CNNVD", id: "CNNVD-201908-668", }, ], }, id: "VAR-201909-0069", iot: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-158083", }, ], trust: 0.01, }, last_update_date: "2023-12-18T13:23:36.729000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Red Hat OpenShift", trust: 0.8, url: "https://www.redhat.com/ja/technologies/cloud-computing/openshift", }, { title: "K74327432", trust: 0.8, url: "https://support.f5.com/csp/article/k74327432", }, { title: "F5 Container Ingress Services Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96365", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2019-6648 ", }, ], sources: [ { db: "VULMON", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "CNNVD", id: "CNNVD-201908-668", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-532", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-158083", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://support.f5.com/csp/article/k74327432", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-6648", }, { trust: 1, url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&%3butm_medium=rss", }, { trust: 0.8, url: 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6648", }, { trust: 0.7, url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&utm_medium=rss", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3055/", }, { trust: 0.1, url: "https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp;utm_medium=rss", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/532.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2019-6648", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-158083", }, { db: "VULMON", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, { db: "CNNVD", id: "CNNVD-201908-668", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-158083", }, { db: "VULMON", id: "CVE-2019-6648", }, { db: "JVNDB", id: "JVNDB-2019-008869", }, { db: "NVD", id: "CVE-2019-6648", }, { db: "CNNVD", id: "CNNVD-201908-668", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-09-04T00:00:00", db: "VULHUB", id: "VHN-158083", }, { date: "2019-09-04T00:00:00", db: "VULMON", id: "CVE-2019-6648", }, { date: "2019-09-06T00:00:00", db: "JVNDB", id: "JVNDB-2019-008869", }, { date: "2019-09-04T16:15:11.060000", db: "NVD", id: "CVE-2019-6648", }, { date: "2019-08-12T00:00:00", db: "CNNVD", id: "CNNVD-201908-668", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-03T00:00:00", db: "VULHUB", id: "VHN-158083", }, { date: "2023-02-03T00:00:00", db: "VULMON", id: "CVE-2019-6648", }, { date: "2019-09-06T00:00:00", db: "JVNDB", id: "JVNDB-2019-008869", }, { date: "2023-11-07T03:13:13.693000", db: 
"NVD", id: "CVE-2019-6648", }, { date: "2019-10-17T00:00:00", db: "CNNVD", id: "CNNVD-201908-668", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-201908-668", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "F5 Container Ingress Service and Red Hat OpenShift Vulnerable to information disclosure from log files", sources: [ { db: "JVNDB", id: "JVNDB-2019-008869", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "log information leak", sources: [ { db: "CNNVD", id: "CNNVD-201908-668", }, ], trust: 0.6, }, }