Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-7995
Vulnerability from cvelistv5
Published
2015-11-17 15:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:06:31.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3605", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206168", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205729", }, { name: "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { name: "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { name: "APPLE-SA-2016-01-25-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { name: "1034736", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034736", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "APPLE-SA-2016-01-19-2", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { name: "APPLE-SA-2016-03-21-2", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2015-7995", }, { name: "APPLE-SA-2016-01-19-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { name: "77325", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77325", }, { name: "openSUSE-SU-2016:1439", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { name: "SSA:2016-148-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205732", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { name: "1038623", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038623", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-28T00:00:00", descriptions: [ { lang: "en", value: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3605", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3605", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206168", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205729", }, { name: "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { name: "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { name: "APPLE-SA-2016-01-25-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { name: "1034736", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034736", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "APPLE-SA-2016-01-19-2", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { name: "APPLE-SA-2016-03-21-2", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2015-7995", }, { name: "APPLE-SA-2016-01-19-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { name: "77325", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77325", }, { name: "openSUSE-SU-2016:1439", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { name: "SSA:2016-148-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205732", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { name: "1038623", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038623", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7995", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3605", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3605", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", url: "https://support.apple.com/HT206168", }, { name: "https://support.apple.com/HT205731", refsource: "CONFIRM", url: "https://support.apple.com/HT205731", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "https://support.apple.com/HT205729", refsource: "CONFIRM", url: "https://support.apple.com/HT205729", }, { name: "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { name: "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { name: "APPLE-SA-2016-01-25-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { name: "1034736", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034736", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "APPLE-SA-2016-01-19-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "https://puppet.com/security/cve/cve-2015-7995", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2015-7995", }, { name: "APPLE-SA-2016-01-19-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { name: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", refsource: "CONFIRM", url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { name: "77325", refsource: "BID", url: "http://www.securityfocus.com/bid/77325", }, { name: "openSUSE-SU-2016:1439", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { name: "SSA:2016-148-02", refsource: "SLACKWARE", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "https://support.apple.com/HT205732", refsource: "CONFIRM", url: "https://support.apple.com/HT205732", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { name: "1038623", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038623", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-7995", datePublished: "2015-11-17T15:00:00", dateReserved: "2015-10-28T00:00:00", dateUpdated: "2024-08-06T08:06:31.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2\", \"matchCriteriaId\": \"66F0A17C-3DC1-4E8A-9291-DD97F386F40C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.11.2\", \"matchCriteriaId\": \"3E7F8660-36B3-469C-81AD-07B25B09E5D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.1\", \"matchCriteriaId\": \"B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1\", \"matchCriteriaId\": \"FBF14807-BA21-480B-9ED0-A6D53352E87F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.28\", \"matchCriteriaId\": \"BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \\\"type confusion\\\" issue.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegaci\\u00f3n de servicio a trav\\u00e9s de un archivo XML manipulado, relacionado a un problema 'type confusion'.\"}]", evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", id: "CVE-2015-7995", lastModified: "2024-11-21T02:37:48.383", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2015-11-17T15:59:16.287", references: "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3605\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/27/10\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/28/4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/77325\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1034736\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1038623\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1257962\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://puppet.com/security/cve/cve-2015-7995\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT205729\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT205731\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT205732\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206168\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/27/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2015/10/28/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/77325\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1038623\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1257962\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://puppet.com/security/cve/cve-2015-7995\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206168\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2015-7995\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-11-17T15:59:16.287\",\"lastModified\":\"2024-11-21T02:37:48.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \\\"type confusion\\\" issue.\"},{\"lang\":\"es\",\"value\":\"La función xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegación de servicio a través de un archivo XML manipulado, relacionado a un problema 'type confusion'.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2\",\"matchCriteriaId\":\"66F0A17C-3DC1-4E8A-9291-DD97F386F40C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.2\",\"matchCriteriaId\":\"3E7F8660-36B3-469C-81AD-07B25B09E5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.1\",\"matchCriteriaId\":\"B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1\",\"matchCriteriaId\":\"FBF14807-BA21-480B-9ED0-A6D53352E87F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.28\",\"matchCriteriaId\":\"BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3605\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/10\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/28/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/77325\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1038623\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1257962\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://puppet.com/security/cve/cve-2015-7995\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT205729\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT205731\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT205732\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206168\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/28/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/77325\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1038623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1257962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://puppet.com/security/cve/cve-2015-7995\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorComment\":\"<a href=\\\"http://cwe.mitre.org/data/definitions/843.html\\\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>\"}}", }, }
opensuse-su-2024:14174-1
Vulnerability from csaf_opensuse
Published
2024-07-12 00:00
Modified
2024-07-12 00:00
Summary
ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media
Notes
Title of the patch
ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media
Description of the patch
These are all security issues fixed in the ruby3.3-rubygem-nokogiri-1.15.5-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14174
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.3-rubygem-nokogiri-1.15.5-1.5 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14174", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14174-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-23476 page", url: "https://www.suse.com/security/cve/CVE-2022-23476/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, { category: "self", summary: "SUSE CVE CVE-2022-34169 page", url: "https://www.suse.com/security/cve/CVE-2022-34169/", }, { category: "self", summary: "SUSE CVE CVE-2023-29469 page", url: "https://www.suse.com/security/cve/CVE-2023-29469/", }, ], title: "ruby3.3-rubygem-nokogiri-1.15.5-1.5 on GA media", tracking: { current_release_date: "2024-07-12T00:00:00Z", generator: { date: "2024-07-12T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14174-1", initial_release_date: "2024-07-12T00:00:00Z", revision_history: [ { date: "2024-07-12T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", product: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", product_id: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", }, product_reference: "ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-23476", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23476", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23476", url: "https://www.suse.com/security/cve/CVE-2022-23476", }, { category: "external", summary: "SUSE Bug 1206227 for CVE-2022-23476", url: "https://bugzilla.suse.com/1206227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-23476", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, { cve: "CVE-2022-34169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34169", }, ], notes: [ { category: "general", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34169", url: "https://www.suse.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "SUSE Bug 1201684 for CVE-2022-34169", url: "https://bugzilla.suse.com/1201684", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-34169", url: "https://bugzilla.suse.com/1202427", }, { category: "external", summary: "SUSE Bug 1207688 for CVE-2022-34169", url: "https://bugzilla.suse.com/1207688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "important", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2023-29469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-29469", }, ], notes: [ { category: "general", text: "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-29469", url: "https://www.suse.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "SUSE Bug 1210412 for CVE-2023-29469", url: "https://bugzilla.suse.com/1210412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.aarch64", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.ppc64le", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.s390x", "openSUSE Tumbleweed:ruby3.3-rubygem-nokogiri-1.15.5-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-07-12T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-29469", }, ], }
opensuse-su-2025:14697-1
Vulnerability from csaf_opensuse
Published
2025-01-25 00:00
Modified
2025-01-25 00:00
Summary
ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media
Notes
Title of the patch
ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.4-rubygem-nokogiri-1.18.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14697
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.4-rubygem-nokogiri-1.18.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14697", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14697-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:14697-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5YNW74OL2W7SH2XTAVN5TODNFIVFL3Y/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:14697-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5YNW74OL2W7SH2XTAVN5TODNFIVFL3Y/", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-23476 page", url: "https://www.suse.com/security/cve/CVE-2022-23476/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, { category: "self", summary: "SUSE CVE CVE-2022-34169 page", url: "https://www.suse.com/security/cve/CVE-2022-34169/", }, { category: "self", summary: "SUSE CVE CVE-2023-29469 page", url: "https://www.suse.com/security/cve/CVE-2023-29469/", }, ], title: "ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media", tracking: { current_release_date: "2025-01-25T00:00:00Z", generator: { date: "2025-01-25T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14697-1", initial_release_date: "2025-01-25T00:00:00Z", revision_history: [ { date: "2025-01-25T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", product: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", product_id: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", }, product_reference: "ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-23476", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23476", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23476", url: "https://www.suse.com/security/cve/CVE-2022-23476", }, { category: "external", summary: "SUSE Bug 1206227 for CVE-2022-23476", url: "https://bugzilla.suse.com/1206227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-23476", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, { cve: "CVE-2022-34169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34169", }, ], notes: [ { category: "general", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34169", url: "https://www.suse.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "SUSE Bug 1201684 for CVE-2022-34169", url: "https://bugzilla.suse.com/1201684", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-34169", url: "https://bugzilla.suse.com/1202427", }, { category: "external", summary: "SUSE Bug 1207688 for CVE-2022-34169", url: "https://bugzilla.suse.com/1207688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "important", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2023-29469", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-29469", }, ], notes: [ { category: "general", text: "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-29469", url: "https://www.suse.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "SUSE Bug 1210412 for CVE-2023-29469", url: "https://bugzilla.suse.com/1210412", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.aarch64", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.s390x", "openSUSE Tumbleweed:ruby3.4-rubygem-nokogiri-1.18.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-25T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-29469", }, ], }
opensuse-su-2024:11340-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media
Notes
Title of the patch
ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media
Description of the patch
These are all security issues fixed in the ruby2.7-rubygem-nokogiri-1.12.3-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11340
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby2.7-rubygem-nokogiri-1.12.3-1.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11340", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11340-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, ], title: "ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11340-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", product: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", product_id: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", }, }, { category: "product_version", name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", product: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", product_id: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", }, product_reference: "ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", }, product_reference: "ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby2.7-rubygem-nokogiri-1.12.3-1.2.x86_64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.aarch64", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.ppc64le", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.s390x", "openSUSE Tumbleweed:ruby3.0-rubygem-nokogiri-1.12.3-1.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, ], }
opensuse-su-2024:11912-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-nokogiri-1.13.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11912
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.1-rubygem-nokogiri-1.13.3-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11912", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11912-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, ], title: "ruby3.1-rubygem-nokogiri-1.13.3-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11912-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", product: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", product_id: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", }, product_reference: "ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.aarch64", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.ppc64le", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.s390x", "openSUSE Tumbleweed:ruby3.1-rubygem-nokogiri-1.13.3-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, ], }
opensuse-su-2024:13165-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media
Notes
Title of the patch
ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media
Description of the patch
These are all security issues fixed in the ruby3.2-rubygem-nokogiri-1.13.9-1.7 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13165
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby3.2-rubygem-nokogiri-1.13.9-1.7 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13165", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13165-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, { category: "self", summary: "SUSE CVE CVE-2016-4658 page", url: "https://www.suse.com/security/cve/CVE-2016-4658/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2016-5131 page", url: "https://www.suse.com/security/cve/CVE-2016-5131/", }, { category: "self", summary: "SUSE CVE CVE-2017-15412 page", url: "https://www.suse.com/security/cve/CVE-2017-15412/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, { category: "self", summary: "SUSE CVE CVE-2018-14404 page", url: "https://www.suse.com/security/cve/CVE-2018-14404/", }, { category: "self", summary: "SUSE CVE CVE-2018-25032 page", url: "https://www.suse.com/security/cve/CVE-2018-25032/", }, { category: "self", summary: "SUSE CVE CVE-2018-8048 page", url: "https://www.suse.com/security/cve/CVE-2018-8048/", }, { category: "self", summary: "SUSE CVE CVE-2019-11068 page", url: "https://www.suse.com/security/cve/CVE-2019-11068/", }, { category: "self", summary: "SUSE CVE CVE-2019-20388 page", url: "https://www.suse.com/security/cve/CVE-2019-20388/", }, { category: "self", summary: "SUSE CVE CVE-2019-5477 page", url: "https://www.suse.com/security/cve/CVE-2019-5477/", }, { category: "self", summary: "SUSE CVE CVE-2020-24977 page", url: "https://www.suse.com/security/cve/CVE-2020-24977/", }, { category: "self", summary: "SUSE CVE CVE-2020-7595 page", url: "https://www.suse.com/security/cve/CVE-2020-7595/", }, { category: "self", summary: "SUSE CVE CVE-2021-30560 page", url: "https://www.suse.com/security/cve/CVE-2021-30560/", }, { category: "self", summary: "SUSE CVE CVE-2021-3516 page", url: "https://www.suse.com/security/cve/CVE-2021-3516/", }, { category: "self", summary: "SUSE CVE CVE-2021-3517 page", url: "https://www.suse.com/security/cve/CVE-2021-3517/", }, { category: "self", summary: "SUSE CVE CVE-2021-3518 page", url: "https://www.suse.com/security/cve/CVE-2021-3518/", }, { category: "self", summary: "SUSE CVE CVE-2021-3537 page", url: "https://www.suse.com/security/cve/CVE-2021-3537/", }, { category: "self", summary: "SUSE CVE CVE-2021-3541 page", url: "https://www.suse.com/security/cve/CVE-2021-3541/", }, { category: "self", summary: "SUSE CVE CVE-2021-41098 page", url: "https://www.suse.com/security/cve/CVE-2021-41098/", }, { category: "self", summary: "SUSE CVE CVE-2022-23308 page", url: "https://www.suse.com/security/cve/CVE-2022-23308/", }, { category: "self", summary: "SUSE CVE CVE-2022-23437 page", url: "https://www.suse.com/security/cve/CVE-2022-23437/", }, { category: "self", summary: "SUSE CVE CVE-2022-24836 page", url: "https://www.suse.com/security/cve/CVE-2022-24836/", }, { category: "self", summary: "SUSE CVE CVE-2022-24839 page", url: "https://www.suse.com/security/cve/CVE-2022-24839/", }, { category: "self", summary: "SUSE CVE CVE-2022-29181 page", url: "https://www.suse.com/security/cve/CVE-2022-29181/", }, { category: "self", summary: "SUSE CVE CVE-2022-29824 page", url: "https://www.suse.com/security/cve/CVE-2022-29824/", }, ], title: "ruby3.2-rubygem-nokogiri-1.13.9-1.7 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13165-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", product: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", product_id: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", }, product_reference: "ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, { cve: "CVE-2016-4658", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4658", }, ], notes: [ { category: "general", text: "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4658", url: "https://www.suse.com/security/cve/CVE-2016-4658", }, { category: "external", summary: "SUSE Bug 1005544 for CVE-2016-4658", url: "https://bugzilla.suse.com/1005544", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-4658", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-4658", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-4658", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-4658", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4658", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2016-5131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5131", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5131", url: "https://www.suse.com/security/cve/CVE-2016-5131", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2016-5131", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1069433 for CVE-2016-5131", url: "https://bugzilla.suse.com/1069433", }, { category: "external", summary: "SUSE Bug 1078813 for CVE-2016-5131", url: "https://bugzilla.suse.com/1078813", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2016-5131", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 989901 for CVE-2016-5131", url: "https://bugzilla.suse.com/989901", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5131", }, { cve: "CVE-2017-15412", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-15412", }, ], notes: [ { category: "general", text: "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-15412", url: "https://www.suse.com/security/cve/CVE-2017-15412", }, { category: "external", summary: "SUSE Bug 1071691 for CVE-2017-15412", url: "https://bugzilla.suse.com/1071691", }, { category: "external", summary: "SUSE Bug 1077993 for CVE-2017-15412", url: "https://bugzilla.suse.com/1077993", }, { category: "external", summary: "SUSE Bug 1123129 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123129", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2017-15412", url: "https://bugzilla.suse.com/1123919", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-15412", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2017-5029", }, { cve: "CVE-2018-14404", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14404", }, ], notes: [ { category: "general", text: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14404", url: "https://www.suse.com/security/cve/CVE-2018-14404", }, { category: "external", summary: "SUSE Bug 1102046 for CVE-2018-14404", url: "https://bugzilla.suse.com/1102046", }, { category: "external", summary: "SUSE Bug 1148896 for CVE-2018-14404", url: "https://bugzilla.suse.com/1148896", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14404", }, { cve: "CVE-2018-25032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-25032", }, ], notes: [ { category: "general", text: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-25032", url: "https://www.suse.com/security/cve/CVE-2018-25032", }, { category: "external", summary: "SUSE Bug 1197459 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197459", }, { category: "external", summary: "SUSE Bug 1197893 for CVE-2018-25032", url: "https://bugzilla.suse.com/1197893", }, { category: "external", summary: "SUSE Bug 1198667 for CVE-2018-25032", url: "https://bugzilla.suse.com/1198667", }, { category: "external", summary: "SUSE Bug 1199104 for CVE-2018-25032", url: "https://bugzilla.suse.com/1199104", }, { category: "external", summary: "SUSE Bug 1200049 for CVE-2018-25032", url: "https://bugzilla.suse.com/1200049", }, { category: "external", summary: "SUSE Bug 1201732 for CVE-2018-25032", url: "https://bugzilla.suse.com/1201732", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2018-25032", url: "https://bugzilla.suse.com/1202688", }, { category: "external", summary: "SUSE Bug 1224427 for CVE-2018-25032", url: "https://bugzilla.suse.com/1224427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-25032", }, { cve: "CVE-2018-8048", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8048", }, ], notes: [ { category: "general", text: "In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8048", url: "https://www.suse.com/security/cve/CVE-2018-8048", }, { category: "external", summary: "SUSE Bug 1085967 for CVE-2018-8048", url: "https://bugzilla.suse.com/1085967", }, { category: "external", summary: "SUSE Bug 1086598 for CVE-2018-8048", url: "https://bugzilla.suse.com/1086598", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-8048", }, { cve: "CVE-2019-11068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-11068", }, ], notes: [ { category: "general", text: "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-11068", url: "https://www.suse.com/security/cve/CVE-2019-11068", }, { category: "external", summary: "SUSE Bug 1132160 for CVE-2019-11068", url: "https://bugzilla.suse.com/1132160", }, { category: "external", summary: "SUSE Bug 1154212 for CVE-2019-11068", url: "https://bugzilla.suse.com/1154212", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-11068", }, { cve: "CVE-2019-20388", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20388", }, ], notes: [ { category: "general", text: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20388", url: "https://www.suse.com/security/cve/CVE-2019-20388", }, { category: "external", summary: "SUSE Bug 1161521 for CVE-2019-20388", url: "https://bugzilla.suse.com/1161521", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2019-20388", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-20388", }, { cve: "CVE-2019-5477", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5477", }, ], notes: [ { category: "general", text: "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5477", url: "https://www.suse.com/security/cve/CVE-2019-5477", }, { category: "external", summary: "SUSE Bug 1146578 for CVE-2019-5477", url: "https://bugzilla.suse.com/1146578", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-5477", }, { cve: "CVE-2020-24977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-24977", }, ], notes: [ { category: "general", text: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-24977", url: "https://www.suse.com/security/cve/CVE-2020-24977", }, { category: "external", summary: "SUSE Bug 1176179 for CVE-2020-24977", url: "https://bugzilla.suse.com/1176179", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-24977", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-24977", }, { cve: "CVE-2020-7595", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-7595", }, ], notes: [ { category: "general", text: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-7595", url: "https://www.suse.com/security/cve/CVE-2020-7595", }, { category: "external", summary: "SUSE Bug 1161517 for CVE-2020-7595", url: "https://bugzilla.suse.com/1161517", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2020-7595", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-7595", }, { cve: "CVE-2021-30560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-30560", }, ], notes: [ { category: "general", text: "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-30560", url: "https://www.suse.com/security/cve/CVE-2021-30560", }, { category: "external", summary: "SUSE Bug 1188373 for CVE-2021-30560", url: "https://bugzilla.suse.com/1188373", }, { category: "external", summary: "SUSE Bug 1208574 for CVE-2021-30560", url: "https://bugzilla.suse.com/1208574", }, { category: "external", summary: "SUSE Bug 1211500 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211500", }, { category: "external", summary: "SUSE Bug 1211501 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211501", }, { category: "external", summary: "SUSE Bug 1211544 for CVE-2021-30560", url: "https://bugzilla.suse.com/1211544", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-30560", }, { cve: "CVE-2021-3516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3516", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3516", url: "https://www.suse.com/security/cve/CVE-2021-3516", }, { category: "external", summary: "SUSE Bug 1185409 for CVE-2021-3516", url: "https://bugzilla.suse.com/1185409", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3516", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3516", }, { cve: "CVE-2021-3517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3517", }, ], notes: [ { category: "general", text: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3517", url: "https://www.suse.com/security/cve/CVE-2021-3517", }, { category: "external", summary: "SUSE Bug 1185410 for CVE-2021-3517", url: "https://bugzilla.suse.com/1185410", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3517", url: "https://bugzilla.suse.com/1191860", }, { category: "external", summary: "SUSE Bug 1194438 for CVE-2021-3517", url: "https://bugzilla.suse.com/1194438", }, { category: "external", summary: "SUSE Bug 1196383 for CVE-2021-3517", url: "https://bugzilla.suse.com/1196383", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3517", }, { cve: "CVE-2021-3518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3518", }, ], notes: [ { category: "general", text: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3518", url: "https://www.suse.com/security/cve/CVE-2021-3518", }, { category: "external", summary: "SUSE Bug 1185408 for CVE-2021-3518", url: "https://bugzilla.suse.com/1185408", }, { category: "external", summary: "SUSE Bug 1191860 for CVE-2021-3518", url: "https://bugzilla.suse.com/1191860", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3518", }, { cve: "CVE-2021-3537", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3537", }, ], notes: [ { category: "general", text: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3537", url: "https://www.suse.com/security/cve/CVE-2021-3537", }, { category: "external", summary: "SUSE Bug 1185698 for CVE-2021-3537", url: "https://bugzilla.suse.com/1185698", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-3537", }, { cve: "CVE-2021-3541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3541", }, ], notes: [ { category: "general", text: "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3541", url: "https://www.suse.com/security/cve/CVE-2021-3541", }, { category: "external", summary: "SUSE Bug 1186015 for CVE-2021-3541", url: "https://bugzilla.suse.com/1186015", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3541", }, { cve: "CVE-2021-41098", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41098", }, ], notes: [ { category: "general", text: "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41098", url: "https://www.suse.com/security/cve/CVE-2021-41098", }, { category: "external", summary: "SUSE Bug 1191029 for CVE-2021-41098", url: "https://bugzilla.suse.com/1191029", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2021-41098", }, { cve: "CVE-2022-23308", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23308", }, ], notes: [ { category: "general", text: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23308", url: "https://www.suse.com/security/cve/CVE-2022-23308", }, { category: "external", summary: "SUSE Bug 1196490 for CVE-2022-23308", url: "https://bugzilla.suse.com/1196490", }, { category: "external", summary: "SUSE Bug 1199098 for CVE-2022-23308", url: "https://bugzilla.suse.com/1199098", }, { category: "external", summary: "SUSE Bug 1202688 for CVE-2022-23308", url: "https://bugzilla.suse.com/1202688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23308", }, { cve: "CVE-2022-23437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23437", }, ], notes: [ { category: "general", text: "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23437", url: "https://www.suse.com/security/cve/CVE-2022-23437", }, { category: "external", summary: "SUSE Bug 1195108 for CVE-2022-23437", url: "https://bugzilla.suse.com/1195108", }, { category: "external", summary: "SUSE Bug 1196394 for CVE-2022-23437", url: "https://bugzilla.suse.com/1196394", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-24836", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24836", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24836", url: "https://www.suse.com/security/cve/CVE-2022-24836", }, { category: "external", summary: "SUSE Bug 1198408 for CVE-2022-24836", url: "https://bugzilla.suse.com/1198408", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-24836", }, { cve: "CVE-2022-24839", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24839", }, ], notes: [ { category: "general", text: "org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24839", url: "https://www.suse.com/security/cve/CVE-2022-24839", }, { category: "external", summary: "SUSE Bug 1198404 for CVE-2022-24839", url: "https://bugzilla.suse.com/1198404", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-24839", }, { cve: "CVE-2022-29181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29181", }, ], notes: [ { category: "general", text: "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29181", url: "https://www.suse.com/security/cve/CVE-2022-29181", }, { category: "external", summary: "SUSE Bug 1199782 for CVE-2022-29181", url: "https://bugzilla.suse.com/1199782", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-29181", }, { cve: "CVE-2022-29824", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29824", }, ], notes: [ { category: "general", text: "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29824", url: "https://www.suse.com/security/cve/CVE-2022-29824", }, { category: "external", summary: "SUSE Bug 1199132 for CVE-2022-29824", url: "https://bugzilla.suse.com/1199132", }, { category: "external", summary: "SUSE Bug 1202878 for CVE-2022-29824", url: "https://bugzilla.suse.com/1202878", }, { category: "external", summary: "SUSE Bug 1204121 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204121", }, { category: "external", summary: "SUSE Bug 1204131 for CVE-2022-29824", url: "https://bugzilla.suse.com/1204131", }, { category: "external", summary: "SUSE Bug 1205069 for CVE-2022-29824", url: "https://bugzilla.suse.com/1205069", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.aarch64", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.ppc64le", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.s390x", "openSUSE Tumbleweed:ruby3.2-rubygem-nokogiri-1.13.9-1.7.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2022-29824", }, ], }
opensuse-su-2024:10549-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
Notes
Title of the patch
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
Description of the patch
These are all security issues fixed in the ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10549
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10549", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10549-1.json", }, { category: "self", summary: "SUSE CVE CVE-2013-2877 page", url: "https://www.suse.com/security/cve/CVE-2013-2877/", }, { category: "self", summary: "SUSE CVE CVE-2014-0191 page", url: "https://www.suse.com/security/cve/CVE-2014-0191/", }, { category: "self", summary: "SUSE CVE CVE-2015-1819 page", url: "https://www.suse.com/security/cve/CVE-2015-1819/", }, { category: "self", summary: "SUSE CVE CVE-2015-5312 page", url: "https://www.suse.com/security/cve/CVE-2015-5312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7497 page", url: "https://www.suse.com/security/cve/CVE-2015-7497/", }, { category: "self", summary: "SUSE CVE CVE-2015-7498 page", url: "https://www.suse.com/security/cve/CVE-2015-7498/", }, { category: "self", summary: "SUSE CVE CVE-2015-7499 page", url: "https://www.suse.com/security/cve/CVE-2015-7499/", }, { category: "self", summary: "SUSE CVE CVE-2015-7500 page", url: "https://www.suse.com/security/cve/CVE-2015-7500/", }, { category: "self", summary: "SUSE CVE CVE-2015-7941 page", url: "https://www.suse.com/security/cve/CVE-2015-7941/", }, { category: "self", summary: "SUSE CVE CVE-2015-7942 page", url: "https://www.suse.com/security/cve/CVE-2015-7942/", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-8035 page", url: "https://www.suse.com/security/cve/CVE-2015-8035/", }, { category: "self", summary: "SUSE CVE CVE-2015-8241 page", url: "https://www.suse.com/security/cve/CVE-2015-8241/", }, { category: "self", summary: "SUSE CVE CVE-2015-8242 page", url: "https://www.suse.com/security/cve/CVE-2015-8242/", }, { category: "self", summary: "SUSE CVE CVE-2015-8317 page", url: "https://www.suse.com/security/cve/CVE-2015-8317/", }, ], title: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10549-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product_id: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, }, { category: "product_version", name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", product_id: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", }, product_reference: "ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2013-2877", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-2877", }, ], notes: [ { category: "general", text: "parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-2877", url: "https://www.suse.com/security/cve/CVE-2013-2877", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2013-2877", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 828893 for CVE-2013-2877", url: "https://bugzilla.suse.com/828893", }, { category: "external", summary: "SUSE Bug 829077 for CVE-2013-2877", url: "https://bugzilla.suse.com/829077", }, { category: "external", summary: "SUSE Bug 854869 for CVE-2013-2877", url: "https://bugzilla.suse.com/854869", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2013-2877", url: "https://bugzilla.suse.com/877506", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2013-2877", }, { cve: "CVE-2014-0191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-0191", }, ], notes: [ { category: "general", text: "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-0191", url: "https://www.suse.com/security/cve/CVE-2014-0191", }, { category: "external", summary: "SUSE Bug 1014873 for CVE-2014-0191", url: "https://bugzilla.suse.com/1014873", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2014-0191", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 876652 for CVE-2014-0191", url: "https://bugzilla.suse.com/876652", }, { category: "external", summary: "SUSE Bug 877506 for CVE-2014-0191", url: "https://bugzilla.suse.com/877506", }, { category: "external", summary: "SUSE Bug 996079 for CVE-2014-0191", url: "https://bugzilla.suse.com/996079", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-0191", }, { cve: "CVE-2015-1819", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1819", }, ], notes: [ { category: "general", text: "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1819", url: "https://www.suse.com/security/cve/CVE-2015-1819", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-1819", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 928193 for CVE-2015-1819", url: "https://bugzilla.suse.com/928193", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-1819", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1819", }, { cve: "CVE-2015-5312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5312", }, ], notes: [ { category: "general", text: "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5312", url: "https://www.suse.com/security/cve/CVE-2015-5312", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-5312", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957105 for CVE-2015-5312", url: "https://bugzilla.suse.com/957105", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-5312", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-5312", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-5312", }, { cve: "CVE-2015-7497", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7497", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7497", url: "https://www.suse.com/security/cve/CVE-2015-7497", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7497", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957106 for CVE-2015-7497", url: "https://bugzilla.suse.com/957106", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7497", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7497", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7497", }, { cve: "CVE-2015-7498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7498", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7498", url: "https://www.suse.com/security/cve/CVE-2015-7498", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7498", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957107 for CVE-2015-7498", url: "https://bugzilla.suse.com/957107", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7498", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7498", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7498", }, { cve: "CVE-2015-7499", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7499", }, ], notes: [ { category: "general", text: "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7499", url: "https://www.suse.com/security/cve/CVE-2015-7499", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7499", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957109 for CVE-2015-7499", url: "https://bugzilla.suse.com/957109", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7499", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7499", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7499", }, { cve: "CVE-2015-7500", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7500", }, ], notes: [ { category: "general", text: "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7500", url: "https://www.suse.com/security/cve/CVE-2015-7500", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7500", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 957110 for CVE-2015-7500", url: "https://bugzilla.suse.com/957110", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-7500", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7500", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7500", }, { cve: "CVE-2015-7941", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7941", }, ], notes: [ { category: "general", text: "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7941", url: "https://www.suse.com/security/cve/CVE-2015-7941", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7941", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951734 for CVE-2015-7941", url: "https://bugzilla.suse.com/951734", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7941", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7941", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7941", }, { cve: "CVE-2015-7942", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7942", }, ], notes: [ { category: "general", text: "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7942", url: "https://www.suse.com/security/cve/CVE-2015-7942", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-7942", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 951735 for CVE-2015-7942", url: "https://bugzilla.suse.com/951735", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-7942", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7942", }, { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-8035", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8035", }, ], notes: [ { category: "general", text: "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8035", url: "https://www.suse.com/security/cve/CVE-2015-8035", }, { category: "external", summary: "SUSE Bug 1088279 for CVE-2015-8035", url: "https://bugzilla.suse.com/1088279", }, { category: "external", summary: "SUSE Bug 1105166 for CVE-2015-8035", url: "https://bugzilla.suse.com/1105166", }, { category: "external", summary: "SUSE Bug 954429 for CVE-2015-8035", url: "https://bugzilla.suse.com/954429", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8035", }, { cve: "CVE-2015-8241", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8241", }, ], notes: [ { category: "general", text: "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8241", url: "https://www.suse.com/security/cve/CVE-2015-8241", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8241", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956018 for CVE-2015-8241", url: "https://bugzilla.suse.com/956018", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8241", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8241", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8241", }, { cve: "CVE-2015-8242", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8242", }, ], notes: [ { category: "general", text: "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8242", url: "https://www.suse.com/security/cve/CVE-2015-8242", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8242", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956021 for CVE-2015-8242", url: "https://bugzilla.suse.com/956021", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8242", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8242", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8242", }, { cve: "CVE-2015-8317", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8317", }, ], notes: [ { category: "general", text: "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8317", url: "https://www.suse.com/security/cve/CVE-2015-8317", }, { category: "external", summary: "SUSE Bug 1123919 for CVE-2015-8317", url: "https://bugzilla.suse.com/1123919", }, { category: "external", summary: "SUSE Bug 956260 for CVE-2015-8317", url: "https://bugzilla.suse.com/956260", }, { category: "external", summary: "SUSE Bug 959469 for CVE-2015-8317", url: "https://bugzilla.suse.com/959469", }, { category: "external", summary: "SUSE Bug 969769 for CVE-2015-8317", url: "https://bugzilla.suse.com/969769", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.2-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-doc-1.6.8.1-1.3.x86_64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.aarch64", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.ppc64le", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.s390x", "openSUSE Tumbleweed:ruby2.3-rubygem-nokogiri-testsuite-1.6.8.1-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8317", }, ], }
opensuse-su-2024:10185-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libxslt-devel-1.1.29-1.3 on GA media
Notes
Title of the patch
libxslt-devel-1.1.29-1.3 on GA media
Description of the patch
These are all security issues fixed in the libxslt-devel-1.1.29-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10185
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libxslt-devel-1.1.29-1.3 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libxslt-devel-1.1.29-1.3 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10185", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10185-1.json", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, ], title: "libxslt-devel-1.1.29-1.3 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10185-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libxslt-devel-1.1.29-1.3.aarch64", product: { name: "libxslt-devel-1.1.29-1.3.aarch64", product_id: "libxslt-devel-1.1.29-1.3.aarch64", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.29-1.3.aarch64", product: { name: "libxslt-devel-32bit-1.1.29-1.3.aarch64", product_id: "libxslt-devel-32bit-1.1.29-1.3.aarch64", }, }, { category: "product_version", name: "libxslt-python-1.1.29-1.3.aarch64", product: { name: "libxslt-python-1.1.29-1.3.aarch64", product_id: "libxslt-python-1.1.29-1.3.aarch64", }, }, { category: "product_version", name: "libxslt-tools-1.1.29-1.3.aarch64", product: { name: "libxslt-tools-1.1.29-1.3.aarch64", product_id: "libxslt-tools-1.1.29-1.3.aarch64", }, }, { category: "product_version", name: "libxslt1-1.1.29-1.3.aarch64", product: { name: "libxslt1-1.1.29-1.3.aarch64", product_id: "libxslt1-1.1.29-1.3.aarch64", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.29-1.3.aarch64", product: { name: "libxslt1-32bit-1.1.29-1.3.aarch64", product_id: "libxslt1-32bit-1.1.29-1.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.29-1.3.ppc64le", product: { name: "libxslt-devel-1.1.29-1.3.ppc64le", product_id: "libxslt-devel-1.1.29-1.3.ppc64le", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.29-1.3.ppc64le", product: { name: "libxslt-devel-32bit-1.1.29-1.3.ppc64le", product_id: "libxslt-devel-32bit-1.1.29-1.3.ppc64le", }, }, { category: "product_version", name: "libxslt-python-1.1.29-1.3.ppc64le", product: { name: "libxslt-python-1.1.29-1.3.ppc64le", product_id: "libxslt-python-1.1.29-1.3.ppc64le", }, }, { category: "product_version", name: "libxslt-tools-1.1.29-1.3.ppc64le", product: { name: "libxslt-tools-1.1.29-1.3.ppc64le", product_id: "libxslt-tools-1.1.29-1.3.ppc64le", }, }, { category: "product_version", name: "libxslt1-1.1.29-1.3.ppc64le", product: { name: "libxslt1-1.1.29-1.3.ppc64le", product_id: "libxslt1-1.1.29-1.3.ppc64le", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.29-1.3.ppc64le", product: { name: "libxslt1-32bit-1.1.29-1.3.ppc64le", product_id: "libxslt1-32bit-1.1.29-1.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.29-1.3.s390x", product: { name: "libxslt-devel-1.1.29-1.3.s390x", product_id: "libxslt-devel-1.1.29-1.3.s390x", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.29-1.3.s390x", product: { name: "libxslt-devel-32bit-1.1.29-1.3.s390x", product_id: "libxslt-devel-32bit-1.1.29-1.3.s390x", }, }, { category: "product_version", name: "libxslt-python-1.1.29-1.3.s390x", product: { name: "libxslt-python-1.1.29-1.3.s390x", product_id: "libxslt-python-1.1.29-1.3.s390x", }, }, { category: "product_version", name: "libxslt-tools-1.1.29-1.3.s390x", product: { name: "libxslt-tools-1.1.29-1.3.s390x", product_id: "libxslt-tools-1.1.29-1.3.s390x", }, }, { category: "product_version", name: "libxslt1-1.1.29-1.3.s390x", product: { name: "libxslt1-1.1.29-1.3.s390x", product_id: "libxslt1-1.1.29-1.3.s390x", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.29-1.3.s390x", product: { name: "libxslt1-32bit-1.1.29-1.3.s390x", product_id: "libxslt1-32bit-1.1.29-1.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.29-1.3.x86_64", product: { name: "libxslt-devel-1.1.29-1.3.x86_64", product_id: "libxslt-devel-1.1.29-1.3.x86_64", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.29-1.3.x86_64", product: { name: "libxslt-devel-32bit-1.1.29-1.3.x86_64", product_id: "libxslt-devel-32bit-1.1.29-1.3.x86_64", }, }, { category: "product_version", name: "libxslt-python-1.1.29-1.3.x86_64", product: { name: "libxslt-python-1.1.29-1.3.x86_64", product_id: "libxslt-python-1.1.29-1.3.x86_64", }, }, { category: "product_version", name: "libxslt-tools-1.1.29-1.3.x86_64", product: { name: "libxslt-tools-1.1.29-1.3.x86_64", product_id: "libxslt-tools-1.1.29-1.3.x86_64", }, }, { category: "product_version", name: "libxslt1-1.1.29-1.3.x86_64", product: { name: "libxslt1-1.1.29-1.3.x86_64", product_id: "libxslt1-1.1.29-1.3.x86_64", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.29-1.3.x86_64", product: { name: "libxslt1-32bit-1.1.29-1.3.x86_64", product_id: "libxslt1-32bit-1.1.29-1.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.aarch64", }, product_reference: "libxslt-devel-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.ppc64le", }, product_reference: "libxslt-devel-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.s390x", }, product_reference: "libxslt-devel-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.x86_64", }, product_reference: "libxslt-devel-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.aarch64", }, product_reference: "libxslt-devel-32bit-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.ppc64le", }, product_reference: "libxslt-devel-32bit-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.s390x", }, product_reference: "libxslt-devel-32bit-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.x86_64", }, product_reference: "libxslt-devel-32bit-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.aarch64", }, product_reference: "libxslt-python-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.ppc64le", }, product_reference: "libxslt-python-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.s390x", }, product_reference: "libxslt-python-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.x86_64", }, product_reference: "libxslt-python-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.aarch64", }, product_reference: "libxslt-tools-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.ppc64le", }, product_reference: "libxslt-tools-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.s390x", }, product_reference: "libxslt-tools-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.x86_64", }, product_reference: "libxslt-tools-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.aarch64", }, product_reference: "libxslt1-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.ppc64le", }, product_reference: "libxslt1-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.s390x", }, product_reference: "libxslt1-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.x86_64", }, product_reference: "libxslt1-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.29-1.3.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.aarch64", }, product_reference: "libxslt1-32bit-1.1.29-1.3.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.29-1.3.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.ppc64le", }, product_reference: "libxslt1-32bit-1.1.29-1.3.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.29-1.3.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.s390x", }, product_reference: "libxslt1-32bit-1.1.29-1.3.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.29-1.3.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.x86_64", }, product_reference: "libxslt1-32bit-1.1.29-1.3.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-devel-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-devel-32bit-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-python-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt-tools-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt1-1.1.29-1.3.x86_64", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.aarch64", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.ppc64le", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.s390x", "openSUSE Tumbleweed:libxslt1-32bit-1.1.29-1.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7995", }, ], }
wid-sec-w-2023-1614
Vulnerability from csaf_certbund
Published
2023-06-29 22:00
Modified
2023-10-25 22:00
Summary
Tenable Security Nessus Network Monitor: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1614 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json", }, { category: "self", summary: "WID-SEC-2023-1614 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614", }, { category: "external", summary: "Tenable Security Advisory TNS-2023-34 vom 2023-10-25", url: "https://de.tenable.com/security/tns-2023-34", }, { category: "external", summary: "Tenable Security Advisory vom 2023-06-29", url: "https://de.tenable.com/security/tns-2023-23", }, ], source_lang: "en-US", title: "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-25T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:59.941+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1614", initial_release_date: "2023-06-29T22:00:00.000+00:00", revision_history: [ { date: "2023-06-29T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-03T22:00:00.000+00:00", number: "2", summary: "Produkt berichtigt", }, { date: "2023-10-25T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Tenable aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Tenable Security Nessus Network Monitor < 6.2.2", product: { name: "Tenable Security Nessus Network Monitor < 6.2.2", product_id: "T028403", product_identification_helper: { cpe: "cpe:/a:tenable:nessus_network_monitor:6.2.2", }, }, }, ], category: "vendor", name: "Tenable Security", }, ], }, vulnerabilities: [ { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-31147", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31147", }, { cve: "CVE-2023-31130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31130", }, { cve: "CVE-2023-31124", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31124", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-29824", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-29824", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-23395", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23395", }, { cve: "CVE-2022-23308", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23308", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2021-45346", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-45346", }, { cve: "CVE-2021-3672", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3672", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3541", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3541", }, { cve: "CVE-2021-3537", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3537", }, { cve: "CVE-2021-3518", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3518", }, { cve: "CVE-2021-3517", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3517", }, { cve: "CVE-2021-31239", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-31239", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-20227", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-20227", }, { cve: "CVE-2020-9327", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-9327", }, { cve: "CVE-2020-7595", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-7595", }, { cve: "CVE-2020-35527", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35527", }, { cve: "CVE-2020-35525", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35525", }, { cve: "CVE-2020-24977", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-24977", }, { cve: "CVE-2020-15358", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-15358", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-13871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13871", }, { cve: "CVE-2020-13632", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13632", }, { cve: "CVE-2020-13631", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13631", }, { cve: "CVE-2020-13630", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13630", }, { cve: "CVE-2020-13435", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13435", }, { cve: "CVE-2020-13434", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13434", }, { cve: "CVE-2020-11656", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11656", }, { cve: "CVE-2020-11655", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11655", }, { cve: "CVE-2019-9937", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9937", }, { cve: "CVE-2019-9936", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9936", }, { cve: "CVE-2019-8457", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-8457", }, { cve: "CVE-2019-5815", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-5815", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2019-20388", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20388", }, { cve: "CVE-2019-20218", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20218", }, { cve: "CVE-2019-19959", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19959", }, { cve: "CVE-2019-19956", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19956", }, { cve: "CVE-2019-19926", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19926", }, { cve: "CVE-2019-19925", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19925", }, { cve: "CVE-2019-19924", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19924", }, { cve: "CVE-2019-19923", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19923", }, { cve: "CVE-2019-19880", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19880", }, { cve: "CVE-2019-19646", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19646", }, { cve: "CVE-2019-19645", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19645", }, { cve: "CVE-2019-19603", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19603", }, { cve: "CVE-2019-19317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19317", }, { cve: "CVE-2019-19244", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19244", }, { cve: "CVE-2019-19242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19242", }, { cve: "CVE-2019-16168", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-16168", }, { cve: "CVE-2019-13118", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13118", }, { cve: "CVE-2019-13117", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13117", }, { cve: "CVE-2019-12900", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-12900", }, { cve: "CVE-2019-11068", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-11068", }, { cve: "CVE-2018-9251", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-9251", }, { cve: "CVE-2018-14567", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14567", }, { cve: "CVE-2018-14404", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14404", }, { cve: "CVE-2017-9050", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9050", }, { cve: "CVE-2017-9049", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9049", }, { cve: "CVE-2017-9048", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9048", }, { cve: "CVE-2017-9047", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9047", }, { cve: "CVE-2017-8872", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-8872", }, { cve: "CVE-2017-7376", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7376", }, { cve: "CVE-2017-7375", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7375", }, { cve: "CVE-2017-5969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5969", }, { cve: "CVE-2017-5130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5130", }, { cve: "CVE-2017-5029", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5029", }, { cve: "CVE-2017-18258", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-18258", }, { cve: "CVE-2017-16932", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16932", }, { cve: "CVE-2017-16931", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16931", }, { cve: "CVE-2017-15412", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-15412", }, { cve: "CVE-2017-1000381", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000381", }, { cve: "CVE-2017-1000061", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000061", }, { cve: "CVE-2016-9598", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9598", }, { cve: "CVE-2016-9597", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9597", }, { cve: "CVE-2016-9596", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9596", }, { cve: "CVE-2016-5180", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5180", }, { cve: "CVE-2016-5131", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5131", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2016-4609", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4609", }, { cve: "CVE-2016-4607", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4607", }, { cve: "CVE-2016-4483", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4483", }, { cve: "CVE-2016-4449", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4449", }, { cve: "CVE-2016-4448", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4448", }, { cve: "CVE-2016-4447", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4447", }, { cve: "CVE-2016-3709", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3709", }, { cve: "CVE-2016-3705", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3705", }, { cve: "CVE-2016-3627", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3627", }, { cve: "CVE-2016-3189", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3189", }, { cve: "CVE-2016-2073", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-2073", }, { cve: "CVE-2016-1840", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1840", }, { cve: "CVE-2016-1839", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1839", }, { cve: "CVE-2016-1838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1838", }, { cve: "CVE-2016-1837", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1837", }, { cve: "CVE-2016-1836", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1836", }, { cve: "CVE-2016-1834", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1834", }, { cve: "CVE-2016-1833", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1833", }, { cve: "CVE-2016-1762", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1762", }, { cve: "CVE-2016-1684", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1684", }, { cve: "CVE-2016-1683", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1683", }, { cve: "CVE-2015-9019", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-9019", }, { cve: "CVE-2015-8806", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8806", }, { cve: "CVE-2015-8710", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8710", }, { cve: "CVE-2015-8317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8317", }, { cve: "CVE-2015-8242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8242", }, { cve: "CVE-2015-8241", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8241", }, { cve: "CVE-2015-8035", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8035", }, { cve: "CVE-2015-7995", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7995", }, { cve: "CVE-2015-7942", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7942", }, { cve: "CVE-2015-7941", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7941", }, { cve: "CVE-2015-7500", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7500", }, { cve: "CVE-2015-7499", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7499", }, { cve: "CVE-2015-7498", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7498", }, { cve: "CVE-2015-7497", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7497", }, { cve: "CVE-2015-5312", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-5312", }, { cve: "CVE-2014-3660", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2014-3660", }, { cve: "CVE-2013-4520", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-4520", }, { cve: "CVE-2013-2877", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-2877", }, { cve: "CVE-2013-1969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-1969", }, { cve: "CVE-2013-0339", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0339", }, { cve: "CVE-2013-0338", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0338", }, { cve: "CVE-2012-6139", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-6139", }, { cve: "CVE-2012-5134", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-5134", }, { cve: "CVE-2012-2871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2871", }, { cve: "CVE-2012-2870", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2870", }, { cve: "CVE-2012-0841", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-0841", }, { cve: "CVE-2011-3970", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-3970", }, { cve: "CVE-2011-1944", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1944", }, { cve: "CVE-2011-1202", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1202", }, { cve: "CVE-2010-4494", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4494", }, { cve: "CVE-2010-4008", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4008", }, ], }
WID-SEC-W-2023-1614
Vulnerability from csaf_certbund
Published
2023-06-29 22:00
Modified
2023-10-25 22:00
Summary
Tenable Security Nessus Network Monitor: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1614 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json", }, { category: "self", summary: "WID-SEC-2023-1614 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614", }, { category: "external", summary: "Tenable Security Advisory TNS-2023-34 vom 2023-10-25", url: "https://de.tenable.com/security/tns-2023-34", }, { category: "external", summary: "Tenable Security Advisory vom 2023-06-29", url: "https://de.tenable.com/security/tns-2023-23", }, ], source_lang: "en-US", title: "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-25T22:00:00.000+00:00", generator: { date: "2024-08-15T17:53:59.941+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1614", initial_release_date: "2023-06-29T22:00:00.000+00:00", revision_history: [ { date: "2023-06-29T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-07-03T22:00:00.000+00:00", number: "2", summary: "Produkt berichtigt", }, { date: "2023-10-25T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Tenable aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Tenable Security Nessus Network Monitor < 6.2.2", product: { name: "Tenable Security Nessus Network Monitor < 6.2.2", product_id: "T028403", product_identification_helper: { cpe: "cpe:/a:tenable:nessus_network_monitor:6.2.2", }, }, }, ], category: "vendor", name: "Tenable Security", }, ], }, vulnerabilities: [ { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-31147", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31147", }, { cve: "CVE-2023-31130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31130", }, { cve: "CVE-2023-31124", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-31124", }, { cve: "CVE-2023-29469", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-29469", }, { cve: "CVE-2023-28484", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28484", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-2650", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-2650", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-1255", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-1255", }, { cve: "CVE-2023-0466", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0466", }, { cve: "CVE-2023-0465", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2023-0465", }, { cve: "CVE-2022-4904", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-4904", }, { cve: "CVE-2022-46908", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-46908", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-35737", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35737", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-31160", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-31160", }, { cve: "CVE-2022-29824", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-29824", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-23395", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23395", }, { cve: "CVE-2022-23308", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-23308", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2021-45346", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-45346", }, { cve: "CVE-2021-3672", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3672", }, { cve: "CVE-2021-36690", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-36690", }, { cve: "CVE-2021-3541", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3541", }, { cve: "CVE-2021-3537", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3537", }, { cve: "CVE-2021-3518", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3518", }, { cve: "CVE-2021-3517", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-3517", }, { cve: "CVE-2021-31239", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-31239", }, { cve: "CVE-2021-30560", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-30560", }, { cve: "CVE-2021-20227", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2021-20227", }, { cve: "CVE-2020-9327", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-9327", }, { cve: "CVE-2020-7595", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-7595", }, { cve: "CVE-2020-35527", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35527", }, { cve: "CVE-2020-35525", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-35525", }, { cve: "CVE-2020-24977", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-24977", }, { cve: "CVE-2020-15358", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-15358", }, { cve: "CVE-2020-14155", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-14155", }, { cve: "CVE-2020-13871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13871", }, { cve: "CVE-2020-13632", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13632", }, { cve: "CVE-2020-13631", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13631", }, { cve: "CVE-2020-13630", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13630", }, { cve: "CVE-2020-13435", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13435", }, { cve: "CVE-2020-13434", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-13434", }, { cve: "CVE-2020-11656", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11656", }, { cve: "CVE-2020-11655", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2020-11655", }, { cve: "CVE-2019-9937", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9937", }, { cve: "CVE-2019-9936", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-9936", }, { cve: "CVE-2019-8457", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-8457", }, { cve: "CVE-2019-5815", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-5815", }, { cve: "CVE-2019-20838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20838", }, { cve: "CVE-2019-20388", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20388", }, { cve: "CVE-2019-20218", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-20218", }, { cve: "CVE-2019-19959", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19959", }, { cve: "CVE-2019-19956", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19956", }, { cve: "CVE-2019-19926", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19926", }, { cve: "CVE-2019-19925", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19925", }, { cve: "CVE-2019-19924", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19924", }, { cve: "CVE-2019-19923", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19923", }, { cve: "CVE-2019-19880", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19880", }, { cve: "CVE-2019-19646", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19646", }, { cve: "CVE-2019-19645", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19645", }, { cve: "CVE-2019-19603", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19603", }, { cve: "CVE-2019-19317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19317", }, { cve: "CVE-2019-19244", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19244", }, { cve: "CVE-2019-19242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-19242", }, { cve: "CVE-2019-16168", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-16168", }, { cve: "CVE-2019-13118", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13118", }, { cve: "CVE-2019-13117", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-13117", }, { cve: "CVE-2019-12900", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-12900", }, { cve: "CVE-2019-11068", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2019-11068", }, { cve: "CVE-2018-9251", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-9251", }, { cve: "CVE-2018-14567", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14567", }, { cve: "CVE-2018-14404", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2018-14404", }, { cve: "CVE-2017-9050", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9050", }, { cve: "CVE-2017-9049", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9049", }, { cve: "CVE-2017-9048", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9048", }, { cve: "CVE-2017-9047", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-9047", }, { cve: "CVE-2017-8872", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-8872", }, { cve: "CVE-2017-7376", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7376", }, { cve: "CVE-2017-7375", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-7375", }, { cve: "CVE-2017-5969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5969", }, { cve: "CVE-2017-5130", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5130", }, { cve: "CVE-2017-5029", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-5029", }, { cve: "CVE-2017-18258", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-18258", }, { cve: "CVE-2017-16932", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16932", }, { cve: "CVE-2017-16931", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-16931", }, { cve: "CVE-2017-15412", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-15412", }, { cve: "CVE-2017-1000381", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000381", }, { cve: "CVE-2017-1000061", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2017-1000061", }, { cve: "CVE-2016-9598", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9598", }, { cve: "CVE-2016-9597", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9597", }, { cve: "CVE-2016-9596", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-9596", }, { cve: "CVE-2016-5180", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5180", }, { cve: "CVE-2016-5131", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-5131", }, { cve: "CVE-2016-4658", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4658", }, { cve: "CVE-2016-4609", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4609", }, { cve: "CVE-2016-4607", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4607", }, { cve: "CVE-2016-4483", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4483", }, { cve: "CVE-2016-4449", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4449", }, { cve: "CVE-2016-4448", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4448", }, { cve: "CVE-2016-4447", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-4447", }, { cve: "CVE-2016-3709", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3709", }, { cve: "CVE-2016-3705", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3705", }, { cve: "CVE-2016-3627", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3627", }, { cve: "CVE-2016-3189", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-3189", }, { cve: "CVE-2016-2073", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-2073", }, { cve: "CVE-2016-1840", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1840", }, { cve: "CVE-2016-1839", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1839", }, { cve: "CVE-2016-1838", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1838", }, { cve: "CVE-2016-1837", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1837", }, { cve: "CVE-2016-1836", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1836", }, { cve: "CVE-2016-1834", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1834", }, { cve: "CVE-2016-1833", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1833", }, { cve: "CVE-2016-1762", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1762", }, { cve: "CVE-2016-1684", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1684", }, { cve: "CVE-2016-1683", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2016-1683", }, { cve: "CVE-2015-9019", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-9019", }, { cve: "CVE-2015-8806", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8806", }, { cve: "CVE-2015-8710", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8710", }, { cve: "CVE-2015-8317", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8317", }, { cve: "CVE-2015-8242", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8242", }, { cve: "CVE-2015-8241", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8241", }, { cve: "CVE-2015-8035", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-8035", }, { cve: "CVE-2015-7995", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7995", }, { cve: "CVE-2015-7942", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7942", }, { cve: "CVE-2015-7941", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7941", }, { cve: "CVE-2015-7500", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7500", }, { cve: "CVE-2015-7499", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7499", }, { cve: "CVE-2015-7498", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7498", }, { cve: "CVE-2015-7497", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-7497", }, { cve: "CVE-2015-5312", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2015-5312", }, { cve: "CVE-2014-3660", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2014-3660", }, { cve: "CVE-2013-4520", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-4520", }, { cve: "CVE-2013-2877", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-2877", }, { cve: "CVE-2013-1969", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-1969", }, { cve: "CVE-2013-0339", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0339", }, { cve: "CVE-2013-0338", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2013-0338", }, { cve: "CVE-2012-6139", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-6139", }, { cve: "CVE-2012-5134", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-5134", }, { cve: "CVE-2012-2871", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2871", }, { cve: "CVE-2012-2870", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-2870", }, { cve: "CVE-2012-0841", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2012-0841", }, { cve: "CVE-2011-3970", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-3970", }, { cve: "CVE-2011-1944", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1944", }, { cve: "CVE-2011-1202", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2011-1202", }, { cve: "CVE-2010-4494", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4494", }, { cve: "CVE-2010-4008", notes: [ { category: "description", text: "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], release_date: "2023-06-29T22:00:00.000+00:00", title: "CVE-2010-4008", }, ], }
fkie_cve-2015-7995
Vulnerability from fkie_nvd
Published
2015-11-17 15:59
Modified
2024-11-21 02:37
Severity ?
Summary
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "66F0A17C-3DC1-4E8A-9291-DD97F386F40C", versionEndIncluding: "9.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "3E7F8660-36B3-469C-81AD-07B25B09E5D7", versionEndIncluding: "10.11.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A", versionEndIncluding: "9.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "FBF14807-BA21-480B-9ED0-A6D53352E87F", versionEndIncluding: "2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", matchCriteriaId: "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812", versionEndIncluding: "1.1.28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", }, { lang: "es", value: "La función xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegación de servicio a través de un archivo XML manipulado, relacionado a un problema 'type confusion'.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", id: "CVE-2015-7995", lastModified: "2024-11-21T02:37:48.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-17T15:59:16.287", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3605", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/77325", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1034736", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1038623", }, { source: "cve@mitre.org", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { source: "cve@mitre.org", url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { source: "cve@mitre.org", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { source: "cve@mitre.org", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "cve@mitre.org", url: "https://puppet.com/security/cve/cve-2015-7995", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT205729", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT205731", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT205732", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT206168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038623", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2015-7995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT205729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT205731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT205732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT206168", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-57m4-4wjx-3w7c
Vulnerability from github
Published
2022-05-14 01:23
Modified
2022-05-14 01:23
Details
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
{ affected: [], aliases: [ "CVE-2015-7995", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2015-11-17T15:59:00Z", severity: "MODERATE", }, details: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", id: "GHSA-57m4-4wjx-3w7c", modified: "2022-05-14T01:23:18Z", published: "2022-05-14T01:23:18Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7995", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { type: "WEB", url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { type: "WEB", url: "https://puppet.com/security/cve/cve-2015-7995", }, { type: "WEB", url: "https://support.apple.com/HT205729", }, { type: "WEB", url: "https://support.apple.com/HT205731", }, { type: "WEB", url: "https://support.apple.com/HT205732", }, { type: "WEB", url: "https://support.apple.com/HT206168", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { type: "WEB", url: "http://www.debian.org/security/2016/dsa-3605", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { type: "WEB", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { type: "WEB", url: "http://www.securityfocus.com/bid/77325", }, { type: "WEB", url: "http://www.securitytracker.com/id/1034736", }, { type: "WEB", url: "http://www.securitytracker.com/id/1038623", }, { type: "WEB", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, ], schema_version: "1.4.0", severity: [], }
suse-su-2017:1282-1
Vulnerability from csaf_suse
Published
2017-05-15 14:44
Modified
2017-05-15 14:44
Summary
Security update for libxslt
Notes
Title of the patch
Security update for libxslt
Description of the patch
This update for libxslt fixes the following issues:
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check
for integer overflow during a size calculation, which allowed a remote attacker
to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).
- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator
could cause a heap overread. This can be exploited to leak a couple of bytes after
the buffer that holds the pattern string (bsc#1005591).
- CVE-2015-9019: Properly initialize random generator (bsc#934119).
- CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a
type confusion leading to DoS. (bsc#952474)
Patchnames
sdksp4-libxslt-13104,slessp4-libxslt-13104
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for libxslt", title: "Title of the patch", }, { category: "description", text: "\n This update for libxslt fixes the following issues:\n \n- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check \nfor integer overflow during a size calculation, which allowed a remote attacker \nto perform an out of bounds memory write via a crafted HTML page (bsc#1035905).\n\n- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator \ncould cause a heap overread. This can be exploited to leak a couple of bytes after \nthe buffer that holds the pattern string (bsc#1005591).\n\n- CVE-2015-9019: Properly initialize random generator (bsc#934119).\n\n- CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a \ntype confusion leading to DoS. (bsc#952474)\n\n ", title: "Description of the patch", }, { category: "details", text: "sdksp4-libxslt-13104,slessp4-libxslt-13104", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1282-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:1282-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20171282-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:1282-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-May/002865.html", }, { category: "self", summary: "SUSE Bug 1005591", url: "https://bugzilla.suse.com/1005591", }, { category: "self", summary: "SUSE Bug 1035905", url: "https://bugzilla.suse.com/1035905", }, { category: "self", summary: "SUSE Bug 934119", url: "https://bugzilla.suse.com/934119", }, { category: "self", summary: "SUSE Bug 952474", url: "https://bugzilla.suse.com/952474", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-9019 page", url: "https://www.suse.com/security/cve/CVE-2015-9019/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, ], title: "Security update for libxslt", tracking: { current_release_date: "2017-05-15T14:44:26Z", generator: { date: "2017-05-15T14:44:26Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:1282-1", initial_release_date: "2017-05-15T14:44:26Z", revision_history: [ { date: "2017-05-15T14:44:26Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libxslt-devel-1.1.24-19.33.1.i586", product: { name: "libxslt-devel-1.1.24-19.33.1.i586", product_id: "libxslt-devel-1.1.24-19.33.1.i586", }, }, { category: "product_version", name: "libxslt-python-1.1.24-19.33.3.i586", product: { name: "libxslt-python-1.1.24-19.33.3.i586", product_id: "libxslt-python-1.1.24-19.33.3.i586", }, }, { category: "product_version", name: "libxslt-1.1.24-19.33.1.i586", product: { name: "libxslt-1.1.24-19.33.1.i586", product_id: "libxslt-1.1.24-19.33.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.24-19.33.1.ia64", product: { name: "libxslt-devel-1.1.24-19.33.1.ia64", product_id: "libxslt-devel-1.1.24-19.33.1.ia64", }, }, { category: "product_version", name: "libxslt-python-1.1.24-19.33.3.ia64", product: { name: "libxslt-python-1.1.24-19.33.3.ia64", product_id: "libxslt-python-1.1.24-19.33.3.ia64", }, }, { category: "product_version", name: "libxslt-1.1.24-19.33.1.ia64", product: { name: "libxslt-1.1.24-19.33.1.ia64", product_id: "libxslt-1.1.24-19.33.1.ia64", }, }, { category: "product_version", name: "libxslt-x86-1.1.24-19.33.1.ia64", product: { name: "libxslt-x86-1.1.24-19.33.1.ia64", product_id: "libxslt-x86-1.1.24-19.33.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.24-19.33.1.ppc64", product: { name: "libxslt-devel-1.1.24-19.33.1.ppc64", product_id: "libxslt-devel-1.1.24-19.33.1.ppc64", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.24-19.33.1.ppc64", product: { name: "libxslt-devel-32bit-1.1.24-19.33.1.ppc64", product_id: "libxslt-devel-32bit-1.1.24-19.33.1.ppc64", }, }, { category: "product_version", name: "libxslt-python-1.1.24-19.33.3.ppc64", product: { name: "libxslt-python-1.1.24-19.33.3.ppc64", product_id: "libxslt-python-1.1.24-19.33.3.ppc64", }, }, { category: "product_version", name: "libxslt-1.1.24-19.33.1.ppc64", product: { name: "libxslt-1.1.24-19.33.1.ppc64", product_id: "libxslt-1.1.24-19.33.1.ppc64", }, }, { category: "product_version", name: "libxslt-32bit-1.1.24-19.33.1.ppc64", product: { name: "libxslt-32bit-1.1.24-19.33.1.ppc64", product_id: "libxslt-32bit-1.1.24-19.33.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.24-19.33.1.s390x", product: { name: "libxslt-devel-1.1.24-19.33.1.s390x", product_id: "libxslt-devel-1.1.24-19.33.1.s390x", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.24-19.33.1.s390x", product: { name: "libxslt-devel-32bit-1.1.24-19.33.1.s390x", product_id: "libxslt-devel-32bit-1.1.24-19.33.1.s390x", }, }, { category: "product_version", name: "libxslt-python-1.1.24-19.33.3.s390x", product: { name: "libxslt-python-1.1.24-19.33.3.s390x", product_id: "libxslt-python-1.1.24-19.33.3.s390x", }, }, { category: "product_version", name: "libxslt-1.1.24-19.33.1.s390x", product: { name: "libxslt-1.1.24-19.33.1.s390x", product_id: "libxslt-1.1.24-19.33.1.s390x", }, }, { category: "product_version", name: "libxslt-32bit-1.1.24-19.33.1.s390x", product: { name: "libxslt-32bit-1.1.24-19.33.1.s390x", product_id: "libxslt-32bit-1.1.24-19.33.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.24-19.33.1.x86_64", product: { name: "libxslt-devel-1.1.24-19.33.1.x86_64", product_id: "libxslt-devel-1.1.24-19.33.1.x86_64", }, }, { category: "product_version", name: "libxslt-devel-32bit-1.1.24-19.33.1.x86_64", product: { name: "libxslt-devel-32bit-1.1.24-19.33.1.x86_64", product_id: "libxslt-devel-32bit-1.1.24-19.33.1.x86_64", }, }, { category: "product_version", name: "libxslt-python-1.1.24-19.33.3.x86_64", product: { name: "libxslt-python-1.1.24-19.33.3.x86_64", product_id: "libxslt-python-1.1.24-19.33.3.x86_64", }, }, { category: "product_version", name: "libxslt-1.1.24-19.33.1.x86_64", product: { name: "libxslt-1.1.24-19.33.1.x86_64", product_id: "libxslt-1.1.24-19.33.1.x86_64", }, }, { category: "product_version", name: "libxslt-32bit-1.1.24-19.33.1.x86_64", product: { name: "libxslt-32bit-1.1.24-19.33.1.x86_64", product_id: "libxslt-32bit-1.1.24-19.33.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.24-19.33.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", }, product_reference: "libxslt-devel-1.1.24-19.33.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.24-19.33.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", }, product_reference: "libxslt-devel-1.1.24-19.33.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-devel-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-devel-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-devel-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-devel-32bit-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-devel-32bit-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-32bit-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-devel-32bit-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.24-19.33.3.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", }, product_reference: "libxslt-python-1.1.24-19.33.3.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.24-19.33.3.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", }, product_reference: "libxslt-python-1.1.24-19.33.3.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.24-19.33.3.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", }, product_reference: "libxslt-python-1.1.24-19.33.3.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.24-19.33.3.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", }, product_reference: "libxslt-python-1.1.24-19.33.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-python-1.1.24-19.33.3.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", }, product_reference: "libxslt-python-1.1.24-19.33.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", }, product_reference: "libxslt-1.1.24-19.33.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", }, product_reference: "libxslt-1.1.24-19.33.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-x86-1.1.24-19.33.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", }, product_reference: "libxslt-x86-1.1.24-19.33.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", }, product_reference: "libxslt-1.1.24-19.33.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", }, product_reference: "libxslt-1.1.24-19.33.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-32bit-1.1.24-19.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", }, product_reference: "libxslt-32bit-1.1.24-19.33.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libxslt-x86-1.1.24-19.33.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", }, product_reference: "libxslt-x86-1.1.24-19.33.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-15T14:44:26Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-9019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-9019", }, ], notes: [ { category: "general", text: "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-9019", url: "https://www.suse.com/security/cve/CVE-2015-9019", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-9019", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 934119 for CVE-2015-9019", url: "https://bugzilla.suse.com/934119", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-15T14:44:26Z", details: "low", }, ], title: "CVE-2015-9019", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-15T14:44:26Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libxslt-x86-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-devel-32bit-1.1.24-19.33.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libxslt-python-1.1.24-19.33.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-15T14:44:26Z", details: "low", }, ], title: "CVE-2017-5029", }, ], }
suse-su-2017:1313-1
Vulnerability from csaf_suse
Published
2017-05-16 13:41
Modified
2017-05-16 13:41
Summary
Security update for libxslt
Notes
Title of the patch
Security update for libxslt
Description of the patch
This update for libxslt fixes the following issues:
- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check
for integer overflow during a size calculation, which allowed a remote attacker
to perform an out of bounds memory write via a crafted HTML page (bsc#1035905).
- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator
could cause a heap overread. This can be exploited to leak a couple of bytes after
the buffer that holds the pattern string (bsc#1005591).
- CVE-2015-9019: Properly initialize random generator (bsc#934119).
- CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a
type confusion leading to DoS. (bsc#952474)
Patchnames
SUSE-SLE-DESKTOP-12-SP1-2017-793,SUSE-SLE-DESKTOP-12-SP2-2017-793,SUSE-SLE-RPI-12-SP2-2017-793,SUSE-SLE-SDK-12-SP1-2017-793,SUSE-SLE-SDK-12-SP2-2017-793,SUSE-SLE-SERVER-12-SP1-2017-793,SUSE-SLE-SERVER-12-SP2-2017-793
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for libxslt", title: "Title of the patch", }, { category: "description", text: "\n This update for libxslt fixes the following issues:\n \n\n- CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check \nfor integer overflow during a size calculation, which allowed a remote attacker \nto perform an out of bounds memory write via a crafted HTML page (bsc#1035905).\n\n- CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator \ncould cause a heap overread. This can be exploited to leak a couple of bytes after \nthe buffer that holds the pattern string (bsc#1005591).\n\n- CVE-2015-9019: Properly initialize random generator (bsc#934119).\n\n- CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a \ntype confusion leading to DoS. (bsc#952474)\n\n ", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-SP1-2017-793,SUSE-SLE-DESKTOP-12-SP2-2017-793,SUSE-SLE-RPI-12-SP2-2017-793,SUSE-SLE-SDK-12-SP1-2017-793,SUSE-SLE-SDK-12-SP2-2017-793,SUSE-SLE-SERVER-12-SP1-2017-793,SUSE-SLE-SERVER-12-SP2-2017-793", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1313-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:1313-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20171313-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:1313-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-May/002887.html", }, { category: "self", summary: "SUSE Bug 1005591", url: "https://bugzilla.suse.com/1005591", }, { category: "self", summary: "SUSE Bug 1035905", url: "https://bugzilla.suse.com/1035905", }, { category: "self", summary: "SUSE Bug 934119", url: "https://bugzilla.suse.com/934119", }, { category: "self", summary: "SUSE Bug 952474", url: "https://bugzilla.suse.com/952474", }, { category: "self", summary: "SUSE CVE CVE-2015-7995 page", url: "https://www.suse.com/security/cve/CVE-2015-7995/", }, { category: "self", summary: "SUSE CVE CVE-2015-9019 page", url: "https://www.suse.com/security/cve/CVE-2015-9019/", }, { category: "self", summary: "SUSE CVE CVE-2016-4738 page", url: "https://www.suse.com/security/cve/CVE-2016-4738/", }, { category: "self", summary: "SUSE CVE CVE-2017-5029 page", url: "https://www.suse.com/security/cve/CVE-2017-5029/", }, ], title: "Security update for libxslt", tracking: { current_release_date: "2017-05-16T13:41:07Z", generator: { date: "2017-05-16T13:41:07Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:1313-1", initial_release_date: "2017-05-16T13:41:07Z", revision_history: [ { date: "2017-05-16T13:41:07Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libxslt-tools-1.1.28-16.1.aarch64", product: { name: "libxslt-tools-1.1.28-16.1.aarch64", product_id: "libxslt-tools-1.1.28-16.1.aarch64", }, }, { category: "product_version", name: "libxslt1-1.1.28-16.1.aarch64", product: { name: "libxslt1-1.1.28-16.1.aarch64", product_id: "libxslt1-1.1.28-16.1.aarch64", }, }, { category: "product_version", name: "libxslt-devel-1.1.28-16.1.aarch64", product: { name: "libxslt-devel-1.1.28-16.1.aarch64", product_id: "libxslt-devel-1.1.28-16.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.28-16.1.ppc64le", product: { name: "libxslt-devel-1.1.28-16.1.ppc64le", product_id: "libxslt-devel-1.1.28-16.1.ppc64le", }, }, { category: "product_version", name: "libxslt-tools-1.1.28-16.1.ppc64le", product: { name: "libxslt-tools-1.1.28-16.1.ppc64le", product_id: "libxslt-tools-1.1.28-16.1.ppc64le", }, }, { category: "product_version", name: "libxslt1-1.1.28-16.1.ppc64le", product: { name: "libxslt1-1.1.28-16.1.ppc64le", product_id: "libxslt1-1.1.28-16.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxslt-devel-1.1.28-16.1.s390x", product: { name: "libxslt-devel-1.1.28-16.1.s390x", product_id: "libxslt-devel-1.1.28-16.1.s390x", }, }, { category: "product_version", name: "libxslt-tools-1.1.28-16.1.s390x", product: { name: "libxslt-tools-1.1.28-16.1.s390x", product_id: "libxslt-tools-1.1.28-16.1.s390x", }, }, { category: "product_version", name: "libxslt1-1.1.28-16.1.s390x", product: { name: "libxslt1-1.1.28-16.1.s390x", product_id: "libxslt1-1.1.28-16.1.s390x", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.28-16.1.s390x", product: { name: "libxslt1-32bit-1.1.28-16.1.s390x", product_id: "libxslt1-32bit-1.1.28-16.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxslt-tools-1.1.28-16.1.x86_64", product: { name: "libxslt-tools-1.1.28-16.1.x86_64", product_id: "libxslt-tools-1.1.28-16.1.x86_64", }, }, { category: "product_version", name: "libxslt1-1.1.28-16.1.x86_64", product: { name: "libxslt1-1.1.28-16.1.x86_64", product_id: "libxslt1-1.1.28-16.1.x86_64", }, }, { category: "product_version", name: "libxslt1-32bit-1.1.28-16.1.x86_64", product: { name: "libxslt1-32bit-1.1.28-16.1.x86_64", product_id: "libxslt1-32bit-1.1.28-16.1.x86_64", }, }, { category: "product_version", name: "libxslt-devel-1.1.28-16.1.x86_64", product: { name: "libxslt-devel-1.1.28-16.1.x86_64", product_id: "libxslt-devel-1.1.28-16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP1", product: { name: "SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Desktop 12 SP2", product: { name: "SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sled:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product: { name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP2", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP1", product: { name: "SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2", product: { name: "SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1", product_id: "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2", product_id: "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", }, product_reference: "libxslt-tools-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", }, product_reference: "libxslt1-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-devel-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", }, product_reference: "libxslt-devel-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", }, product_reference: "libxslt-devel-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", }, product_reference: "libxslt-devel-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-devel-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", }, product_reference: "libxslt-devel-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-devel-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", }, product_reference: "libxslt-devel-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-tools-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", }, product_reference: "libxslt-tools-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", }, product_reference: "libxslt1-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", }, product_reference: "libxslt1-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", }, product_reference: "libxslt1-32bit-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1", product_id: "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-tools-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", }, product_reference: "libxslt-tools-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", }, product_reference: "libxslt1-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", }, product_reference: "libxslt1-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", }, product_reference: "libxslt1-32bit-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP1", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", }, product_reference: "libxslt-tools-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-tools-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", }, product_reference: "libxslt-tools-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", }, product_reference: "libxslt1-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", }, product_reference: "libxslt1-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", }, product_reference: "libxslt1-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", }, product_reference: "libxslt1-32bit-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", }, product_reference: "libxslt-tools-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", }, product_reference: "libxslt-tools-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", }, product_reference: "libxslt-tools-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt-tools-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", }, product_reference: "libxslt-tools-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", }, product_reference: "libxslt1-1.1.28-16.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", }, product_reference: "libxslt1-1.1.28-16.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", }, product_reference: "libxslt1-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", }, product_reference: "libxslt1-32bit-1.1.28-16.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "libxslt1-32bit-1.1.28-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", }, product_reference: "libxslt1-32bit-1.1.28-16.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2015-7995", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7995", }, ], notes: [ { category: "general", text: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7995", url: "https://www.suse.com/security/cve/CVE-2015-7995", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-7995", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 952474 for CVE-2015-7995", url: "https://bugzilla.suse.com/952474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-16T13:41:07Z", details: "low", }, ], title: "CVE-2015-7995", }, { cve: "CVE-2015-9019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-9019", }, ], notes: [ { category: "general", text: "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-9019", url: "https://www.suse.com/security/cve/CVE-2015-9019", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2015-9019", url: "https://bugzilla.suse.com/1123130", }, { category: "external", summary: "SUSE Bug 934119 for CVE-2015-9019", url: "https://bugzilla.suse.com/934119", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-16T13:41:07Z", details: "low", }, ], title: "CVE-2015-9019", }, { cve: "CVE-2016-4738", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4738", }, ], notes: [ { category: "general", text: "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4738", url: "https://www.suse.com/security/cve/CVE-2016-4738", }, { category: "external", summary: "SUSE Bug 1005591 for CVE-2016-4738", url: "https://bugzilla.suse.com/1005591", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2016-4738", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-16T13:41:07Z", details: "moderate", }, ], title: "CVE-2016-4738", }, { cve: "CVE-2017-5029", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5029", }, ], notes: [ { category: "general", text: "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5029", url: "https://www.suse.com/security/cve/CVE-2017-5029", }, { category: "external", summary: "SUSE Bug 1028848 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028848", }, { category: "external", summary: "SUSE Bug 1028875 for CVE-2017-5029", url: "https://bugzilla.suse.com/1028875", }, { category: "external", summary: "SUSE Bug 1035905 for CVE-2017-5029", url: "https://bugzilla.suse.com/1035905", }, { category: "external", summary: "SUSE Bug 1123130 for CVE-2017-5029", url: "https://bugzilla.suse.com/1123130", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Desktop 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt-tools-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libxslt1-32bit-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP1:libxslt-devel-1.1.28-16.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP2:libxslt-devel-1.1.28-16.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-05-16T13:41:07Z", details: "low", }, ], title: "CVE-2017-5029", }, ], }
var-201511-0027
Vulnerability from variot
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlCrafted by attackers XML Through the file Service operation interruption (DoS) There is a possibility of being put into a state. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3605-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq
Package : libxslt CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 Debian Bug : 802971
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.
For the stable distribution (jessie), these problems have been fixed in version 1.1.28-2+deb8u1.
We recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-2 watchOS 2.2
watchOS 2.2 is now available and addresses the following:
Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team
FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor
Messages Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
syslog Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs
TrueTypeScaler Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
WebKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple
Wi-Fi Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6 CHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9 +bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt xLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu ArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb 5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why oB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4 5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+ 7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9 MGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj nmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b 82FzLX2fEJg5XYLhXQrg =lORW -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05158380
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05158380 Version: 1
HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-01 Last Updated: 2016-06-01
Potential Security Impact: Cross-Site Request Forgery (CSRF), Remote Arbitrary Code Execution, Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF).
References:
CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
System Management Homepage Prior to 7.5.5 HP Systems Insight Manager (HP SIM), Prior to 7.5.1 HP Insight Control Prior to 7.5.1 HPE Version Control Repository Manager Prior to 7.5.1 HPE Server Migration Pack Prior to 7.5.1 HP Insight Control server provisioning Prior to 7.5.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4969 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-3195 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-3237 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-6565 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2015-7501 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-7995 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-8035 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2016-0705 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-0728 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2015 (AV:L/AC:H/Au:S/C:C/I:C/A:N) 5.5 CVE-2016-2017 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2018 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2016-2019 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2020 (AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2 CVE-2016-2021 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2022 (AV:N/AC:H/Au:M/C:P/I:P/A:N) 3.2 CVE-2016-2024 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2016-2030 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve these vulnerabilities in HPE Insight Control. The HPE Insight Control 7.5.1 Update kit applicable to HPE Insight Control 7.5.x installations is available at the following location:
http://www.hpe.com/info/insightcontrol
HPE has addressed these vulnerabilities for the impacted software components bundled with HPE Insight Control in the following HPE Security Bulletins:
HPE Systems Insight Manager (SIM) (HPE Security Bulletin: HPSBMU03590)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085
HPE System Management Homepage (SMH) (HPE Security Bulletin: HPSBMU03593)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017
Version Control Repository Manager (VCRM) (HPE Security Bulletin: HPSBMU03589)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131044
HPE Server Migration Pack(SMP) (HPE Security Bulletin: HPSBMU03591)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05130958
HPE Insight Control server provisioning (HPE Security Bulletin: HPSBMU03600)
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c05150736
HISTORY Version:1 (rev.1) - 1 June 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-3271-1 April 28, 2017
libxslt vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Libxslt.
Software Description: - libxslt: XSLT processing library
Details:
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbtrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)
It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995)
Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)
It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libxslt1.1 1.1.29-2ubuntu0.1
Ubuntu 16.10: libxslt1.1 1.1.29-1ubuntu0.1
Ubuntu 16.04 LTS: libxslt1.1 1.1.28-2.1ubuntu0.1
Ubuntu 14.04 LTS: libxslt1.1 1.1.28-2ubuntu0.1
Ubuntu 12.04 LTS: libxslt1.1 1.1.26-8ubuntu1.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3271-1 CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841, CVE-2016-4738, CVE-2017-5029
Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4
. CVE-ID CVE-2015-7995 : puzzor
OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix
WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0027", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tvos", scope: "lte", trust: 1, vendor: "apple", version: "9.1", }, { model: "libxslt", scope: "lte", trust: 1, vendor: "xmlsoft", version: "1.1.28", }, { model: "mac os x", scope: "lte", trust: 1, vendor: "apple", version: "10.11.2", }, { model: "iphone os", scope: "lte", trust: 1, vendor: "apple", version: "9.2", }, { model: "watchos", scope: "lte", trust: 1, vendor: "apple", version: "2.1", }, { model: "libxslt", scope: "eq", trust: 0.8, vendor: "xmlsoft", version: "1.1.28", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10.5", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.11.2 for up to 10.11", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2.1 (ipad 2 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2.1 (iphone 4s or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2.1 (ipod touch first 5 after generation )", }, { model: "tvos", scope: "lt", trust: 0.8, vendor: "apple", version: "9.1.1 (apple tv first 4 generation )", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch edition)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch hermes)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch sport)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2 (apple watch)", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "none", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "server provisioning", }, { model: "hpe server migration pack", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe systems insight manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe version control repository manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "system management homepage", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "watchos", scope: "eq", trust: 0.6, vendor: "apple", version: "2.1", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "CNNVD", id: "CNNVD-201511-024", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.1.28", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-7995", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Stefan Cornelius of Red Hat Product Security", sources: [ { db: "CNNVD", id: "CNNVD-201511-024", }, ], trust: 0.6, }, cve: "CVE-2015-7995", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-7995", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-85956", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-7995", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201511-024", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-85956", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-7995", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-85956", }, { db: "VULMON", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "CNNVD", id: "CNNVD-201511-024", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlCrafted by attackers XML Through the file Service operation interruption (DoS) There is a possibility of being put into a state. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3605-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 19, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxslt\nCVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684\nDebian Bug : 802971\n\nSeveral vulnerabilities were discovered in libxslt, an XSLT processing\nruntime library, which could lead to information disclosure or\ndenial-of-service (application crash) against an application using the\nlibxslt library. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.1.28-2+deb8u1. \n\nWe recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-2 watchOS 2.2\n\nwatchOS 2.2 is now available and addresses the following:\n\nDisk Images\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team\n\nFontParser\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro's Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1719 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1720 : Ian Beer of Google Project Zero\nCVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend\nMicro\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nlibxslt\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nMessages\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker who is able to bypass Apple's certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nSecurity\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nsyslog\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs\n\nTrueTypeScaler\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1723 : Apple\nCVE-2016-1724 : Apple\nCVE-2016-1725 : Apple\nCVE-2016-1726 : Apple\nCVE-2016-1727 : Apple\n\nWi-Fi\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6\nCHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9\n+bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt\nxLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu\nArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb\n5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why\noB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4\n5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+\n7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9\nMGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj\nnmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b\n82FzLX2fEJg5XYLhXQrg\n=lORW\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05158380\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05158380\nVersion: 1\n\nHPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Cross-Site Request Forgery (CSRF), Remote\nArbitrary Code Execution, Code Execution, Cross-Site Scripting (XSS), Denial\nof Service (DoS), Disclosure of Sensitive Information, Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HPE\nInsight Control (IC) on Windows which could be exploited remotely resulting\nin Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS),\nExecution of Arbitrary code, Disclosure of Sensitive Information,Remote Code\nExecution and locally resulting in Cross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nSystem Management Homepage Prior to 7.5.5\nHP Systems Insight Manager (HP SIM), Prior to 7.5.1\nHP Insight Control Prior to 7.5.1\nHPE Version Control Repository Manager Prior to 7.5.1\nHPE Server Migration Pack Prior to 7.5.1\nHP Insight Control server provisioning Prior to 7.5.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4969 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-3195 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-3237 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2015-6565 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2015-7501 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-7995 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-8035 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2016-0705 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-0728 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-2015 (AV:L/AC:H/Au:S/C:C/I:C/A:N) 5.5\nCVE-2016-2017 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5\nCVE-2016-2018 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2016-2019 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9\nCVE-2016-2020 (AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2\nCVE-2016-2021 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9\nCVE-2016-2022 (AV:N/AC:H/Au:M/C:P/I:P/A:N) 3.2\nCVE-2016-2024 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2016-2030 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5\nCVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has released the following software updates to resolve these\nvulnerabilities in HPE Insight Control. The HPE Insight Control 7.5.1 Update\nkit applicable to HPE Insight Control 7.5.x installations is available at the\nfollowing location:\n\nhttp://www.hpe.com/info/insightcontrol\n\nHPE has addressed these vulnerabilities for the impacted software components\nbundled with HPE Insight Control in the following HPE Security Bulletins:\n\nHPE Systems Insight Manager (SIM) (HPE Security Bulletin: HPSBMU03590)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085\n\nHPE System Management Homepage (SMH) (HPE Security Bulletin: HPSBMU03593)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017\n\nVersion Control Repository Manager (VCRM) (HPE Security Bulletin:\nHPSBMU03589)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131044\n\nHPE Server Migration Pack(SMP) (HPE Security Bulletin: HPSBMU03591)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05130958\n\nHPE Insight Control server provisioning (HPE Security Bulletin: HPSBMU03600)\n\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c05150736\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer's patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. ==========================================================================\nUbuntu Security Notice USN-3271-1\nApril 28, 2017\n\nlibxslt vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Libxslt. \n\nSoftware Description:\n- libxslt: XSLT processing library\n\nDetails:\n\nHolger Fuhrmannek discovered an integer overflow in the\nxsltAddTextString() function in Libxslt. An attacker could use\nthis to craft a malicious document that, when opened, could cause a\ndenial of service (application crash) or possible execute arbitrary\ncode. (CVE-2017-5029)\n\nNicolas Gregoire discovered that Libxslt mishandled namespace\nnodes. An attacker could use this to craft a malicious document that,\nwhen opened, could cause a denial of service (application crash)\nor possibly execute arbtrary code. This issue only affected Ubuntu\n16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)\n\nSebastian Apelt discovered that a use-after-error existed in the\nxsltDocumentFunctionLoadDocument() function in Libxslt. An attacker\ncould use this to craft a malicious document that, when opened,\ncould cause a denial of service (application crash) or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)\n\nIt was discovered that a type confusion error existed in the\nxsltStylePreCompute() function in Libxslt. An attacker could use this\nto craft a malicious XML file that, when opened, caused a denial of\nservice (application crash). This issue only affected Ubuntu 14.04\nLTS and Ubuntu 12.04 LTS. (CVE-2015-7995)\n\nNicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a'\nformat tokens for xsl:number data. An attacker could use this to\ncraft a malicious document that, when opened, could cause a denial of\nservice (application crash). This issue only affected Ubuntu 16.04 LTS,\nUbuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)\n\nIt was discovered that the xsltFormatNumberConversion() function\nin Libxslt did not properly handle empty decimal separators. An\nattacker could use this to craft a malicious document that, when\nopened, could cause a denial of service (application crash). This\nissue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS,\nand Ubuntu 12.04 LTS. (CVE-2016-4738)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libxslt1.1 1.1.29-2ubuntu0.1\n\nUbuntu 16.10:\n libxslt1.1 1.1.29-1ubuntu0.1\n\nUbuntu 16.04 LTS:\n libxslt1.1 1.1.28-2.1ubuntu0.1\n\nUbuntu 14.04 LTS:\n libxslt1.1 1.1.28-2ubuntu0.1\n\nUbuntu 12.04 LTS:\n libxslt1.1 1.1.26-8ubuntu1.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3271-1\n CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841,\n CVE-2016-4738, CVE-2017-5029\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4\n\n. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nOSA Scripts\nAvailable for: OS X El Capitan v10.11 to v10.11.2\nImpact: A quarantined application may be able to override OSA script\nlibraries installed by the user\nDescription: An issue existed when searching for scripting\nlibraries. \nCVE-ID\nCVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix\n\nWebSheet\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious captive portal may be able to access the user's\ncookies\nDescription: An issue existed that allowed some captive portals to\nread or write cookies. The issue was addressed through an isolated\ncookie store for all captive portals", sources: [ { db: "NVD", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "VULHUB", id: "VHN-85956", }, { db: "VULMON", id: "CVE-2015-7995", }, { db: "PACKETSTORM", id: "137546", }, { db: "PACKETSTORM", id: "136343", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "142342", }, { db: "PACKETSTORM", id: "135326", }, { db: "PACKETSTORM", id: "135325", }, ], trust: 2.34, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-85956", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-85956", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-7995", trust: 3.2, }, { db: "SECTRACK", id: "1038623", trust: 1.8, }, { db: "SECTRACK", id: "1034736", trust: 1.8, }, { db: "OPENWALL", id: "OSS-SECURITY/2015/10/28/4", trust: 1.8, }, { db: "OPENWALL", id: "OSS-SECURITY/2015/10/27/10", trust: 1.8, }, { db: "BID", id: "77325", trust: 1.8, }, { db: "JVN", id: "JVNVU90405245", trust: 0.8, }, { db: "JVN", id: "JVNVU97668313", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-005957", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201511-024", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2023.3732", trust: 0.6, }, { db: "PACKETSTORM", id: "135326", trust: 0.2, }, { db: "PACKETSTORM", id: "135325", trust: 0.2, }, { db: "PACKETSTORM", id: "137546", trust: 0.2, }, { db: "PACKETSTORM", id: "142342", trust: 0.2, }, { db: "PACKETSTORM", id: "137223", trust: 0.1, }, { db: "PACKETSTORM", id: "135385", trust: 0.1, }, { db: "VULHUB", id: "VHN-85956", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-7995", trust: 0.1, }, { db: "PACKETSTORM", id: "136343", trust: 0.1, }, { db: "PACKETSTORM", id: "137292", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-85956", }, { db: "VULMON", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "PACKETSTORM", id: "137546", }, { db: "PACKETSTORM", id: "136343", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "142342", }, { db: "PACKETSTORM", id: "135326", }, { db: "PACKETSTORM", id: "135325", }, { db: "CNNVD", id: "CNNVD-201511-024", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, id: "VAR-201511-0027", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-85956", }, ], trust: 0.01, }, last_update_date: "2024-07-23T21:12:31.080000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2016-01-25-1 tvOS 9.1.1", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html", }, { title: "APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html", }, { title: "APPLE-SA-2016-01-19-1 iOS 9.2.1", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html", }, { title: "APPLE-SA-2016-03-21-2 watchOS 2.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html", }, { title: "HT205729", trust: 0.8, url: "https://support.apple.com/en-us/ht205729", }, { title: "HT205731", trust: 0.8, url: "https://support.apple.com/en-us/ht205731", }, { title: "HT206168", trust: 0.8, url: "https://support.apple.com/en-us/ht206168", }, { title: "HT205732", trust: 0.8, url: "https://support.apple.com/en-us/ht205732", }, { title: "HT205729", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205729", }, { title: "HT206168", trust: 0.8, url: "http://support.apple.com/ja-jp/ht206168", }, { title: "HT205731", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205731", }, { title: "HT205732", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205732", }, { title: "Fix for type confusion in preprocessing attributes", trust: 0.8, url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { title: "HPSBMU03612", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { title: "Bug 1257962", trust: 0.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { title: "Top Page", trust: 0.8, url: "http://xmlsoft.org/", }, { title: "Libxslt'libxslt/preproc.c' Remediation measures for remote denial of service vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58552", }, { title: "Red Hat: CVE-2015-7995", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-7995", }, { title: "Debian Security Advisories: DSA-3605-1 libxslt -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bd3ce27c06b565581692d3fbcb1b22b7", }, { title: "Debian CVElist Bug Report Logs: libxslt: CVE-2015-7995: Type confusion may cause DoS", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cada68d7a350396a03fdabefd56361ea", }, { title: "Ubuntu Security Notice: libxslt vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3271-1", }, { title: "Apple: OS X El Capitan 10.11.3 and Security Update 2016-001", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=26c74e7f50c7020e38a379f8b41822d1", }, { title: "Apple: tvOS 9.1.1", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4ced8cf78124c311ca07c6fa1e52a814", }, { title: "Apple: iOS 9.2.1", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=2496c641ca758f2cd6e8f21dfba0ed06", }, { title: "Apple: watchOS 2.2", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=0cbe3084baf2e465ecd2cc68ad686a9a", }, { title: "Apple: Apple TV 7.2.1", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7fd0c8e5493266a37a14d1b8b5c5ece7", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=4ee609eeae78bbbd0d0c827f33a7f87f", }, { title: "Splunk Security Announcements: Splunk Enterprise 6.3.3.4, 6.2.9. 6.1.10, 6.0.11, and 5.0.15 and Splunk Light 6.3.3.4 and 6.2.9 address multiple vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=2cb6c312457a6c5231992bd75afc3fcb", }, { title: "Android Security Bulletins: Android Security Bulletin—June 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=f9fbdf3aea1fd17035e18f77d6530ab1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8", }, ], sources: [ { db: "VULMON", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "CNNVD", id: "CNNVD-201511-024", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "http://www.securityfocus.com/bid/77325", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html", }, { trust: 1.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { trust: 1.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { trust: 1.8, url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { trust: 1.8, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017", }, { trust: 1.8, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.8, url: "https://puppet.com/security/cve/cve-2015-7995", }, { trust: 1.8, url: "https://support.apple.com/ht205729", }, { trust: 1.8, url: "https://support.apple.com/ht205731", }, { trust: 1.8, url: "https://support.apple.com/ht205732", }, { trust: 1.8, url: "https://support.apple.com/ht206168", }, { trust: 1.8, url: "http://www.debian.org/security/2016/dsa-3605", }, { trust: 1.8, url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { trust: 1.8, url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { trust: 1.8, url: "http://www.securitytracker.com/id/1034736", }, { trust: 1.8, url: "http://www.securitytracker.com/id/1038623", }, { trust: 1.8, url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { trust: 1.7, url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7995", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu90405245/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu97668313/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7995", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7995", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.3732", }, { trust: 0.3, url: "https://gpgtools.org", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1720", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1721", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1722", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1717", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1719", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1683", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1684", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1725", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8035", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1727", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1726", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1724", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1723", }, { trust: 0.1, url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-7995", }, { trust: 0.1, url: "https://usn.ubuntu.com/3271-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=43118", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1751", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8659", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1753", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1750", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1819", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0801", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8242", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5312", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7942", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7500", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1740", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1752", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1754", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0802", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1748", }, { trust: 0.1, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2007-6750", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1790", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1788", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1792", }, { trust: 0.1, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0799", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3237", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1789", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1791", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2015", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0728", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7501", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2017", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7547", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-4969", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6565", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3194", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.1, url: "http://www.hpe.com/info/insightcontrol", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5029", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4738", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1", }, { trust: 0.1, url: "http://www.ubuntu.com/usn/usn-3271-1", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1841", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1718", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1729", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1716", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1730", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1728", }, ], sources: [ { db: "VULHUB", id: "VHN-85956", }, { db: "VULMON", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "PACKETSTORM", id: "137546", }, { db: "PACKETSTORM", id: "136343", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "142342", }, { db: "PACKETSTORM", id: "135326", }, { db: "PACKETSTORM", id: "135325", }, { db: "CNNVD", id: "CNNVD-201511-024", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-85956", }, { db: "VULMON", id: "CVE-2015-7995", }, { db: "JVNDB", id: "JVNDB-2015-005957", }, { db: "PACKETSTORM", id: "137546", }, { db: "PACKETSTORM", id: "136343", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "142342", }, { db: "PACKETSTORM", id: "135326", }, { db: "PACKETSTORM", id: "135325", }, { db: "CNNVD", id: "CNNVD-201511-024", }, { db: "NVD", id: "CVE-2015-7995", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-11-17T00:00:00", db: "VULHUB", id: "VHN-85956", }, { date: "2015-11-17T00:00:00", db: "VULMON", id: "CVE-2015-7995", }, { date: "2015-11-19T00:00:00", db: "JVNDB", id: "JVNDB-2015-005957", }, { date: "2016-06-21T00:21:23", db: "PACKETSTORM", id: "137546", }, { date: "2016-03-22T15:09:54", db: "PACKETSTORM", id: "136343", }, { date: "2016-06-02T19:12:12", db: "PACKETSTORM", id: "137292", }, { date: "2017-04-27T23:24:00", db: "PACKETSTORM", id: "142342", }, { date: "2016-01-20T16:54:51", db: "PACKETSTORM", id: "135326", }, { date: "2016-01-20T16:51:56", db: "PACKETSTORM", id: "135325", }, { date: "2015-10-27T00:00:00", db: "CNNVD", id: "CNNVD-201511-024", }, { date: "2015-11-17T15:59:16.287000", db: "NVD", id: "CVE-2015-7995", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-03-08T00:00:00", db: "VULHUB", id: "VHN-85956", }, { date: "2019-03-08T00:00:00", db: "VULMON", id: "CVE-2015-7995", }, { date: "2016-09-08T00:00:00", db: "JVNDB", id: "JVNDB-2015-005957", }, { date: "2023-06-30T00:00:00", db: "CNNVD", id: "CNNVD-201511-024", }, { date: "2019-03-08T16:06:36.980000", db: "NVD", id: "CVE-2015-7995", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "137292", }, { db: "CNNVD", id: "CNNVD-201511-024", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "libxslt of preproc.c of xsltStylePreCompute Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2015-005957", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201511-024", }, ], trust: 0.6, }, }
gsd-2015-7995
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-7995", description: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", id: "GSD-2015-7995", references: [ "https://www.suse.com/security/cve/CVE-2015-7995.html", "https://www.debian.org/security/2016/dsa-3605", "https://ubuntu.com/security/CVE-2015-7995", "https://advisories.mageia.org/CVE-2015-7995.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-7995", ], details: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", id: "GSD-2015-7995", modified: "2023-12-13T01:20:02.045722Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7995", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3605", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3605", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", url: "https://support.apple.com/HT206168", }, { name: "https://support.apple.com/HT205731", refsource: "CONFIRM", url: "https://support.apple.com/HT205731", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "https://support.apple.com/HT205729", refsource: "CONFIRM", url: "https://support.apple.com/HT205729", }, { name: "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { name: "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { name: "APPLE-SA-2016-01-25-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { name: "1034736", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034736", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "APPLE-SA-2016-01-19-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "https://puppet.com/security/cve/cve-2015-7995", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2015-7995", }, { name: "APPLE-SA-2016-01-19-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { name: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", refsource: "CONFIRM", url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { name: "77325", refsource: "BID", url: "http://www.securityfocus.com/bid/77325", }, { name: "openSUSE-SU-2016:1439", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { name: "SSA:2016-148-02", refsource: "SLACKWARE", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "https://support.apple.com/HT205732", refsource: "CONFIRM", url: "https://support.apple.com/HT205732", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { name: "1038623", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038623", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.1.28", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7995", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/10/27/10", }, { name: "77325", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/77325", }, { name: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", refsource: "CONFIRM", tags: [], url: "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617", }, { name: "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/10/28/4", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", refsource: "CONFIRM", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", }, { name: "APPLE-SA-2016-01-19-2", refsource: "APPLE", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html", }, { name: "APPLE-SA-2016-01-25-1", refsource: "APPLE", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html", }, { name: "https://support.apple.com/HT205729", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT205729", }, { name: "https://support.apple.com/HT205732", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT205732", }, { name: "https://support.apple.com/HT205731", refsource: "CONFIRM", tags: [], url: "https://support.apple.com/HT205731", }, { name: "APPLE-SA-2016-01-19-1", refsource: "APPLE", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html", }, { name: "https://support.apple.com/HT206168", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT206168", }, { name: "APPLE-SA-2016-03-21-2", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", }, { name: "SSA:2016-148-02", refsource: "SLACKWARE", tags: [], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", refsource: "CONFIRM", tags: [], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", refsource: "CONFIRM", tags: [], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", }, { name: "DSA-3605", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2016/dsa-3605", }, { name: "openSUSE-SU-2016:1439", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html", }, { name: "1038623", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1038623", }, { name: "1034736", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1034736", }, { name: "https://puppet.com/security/cve/cve-2015-7995", refsource: "CONFIRM", tags: [], url: "https://puppet.com/security/cve/cve-2015-7995", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2019-03-08T16:06Z", publishedDate: "2015-11-17T15:59Z", }, }, }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.