Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1051222?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1051222?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1", "type": "deb", "namespace": "debian", "name": "libxslt", "version": "1.1.32-2.2~deb10u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68725?format=api", "vulnerability_id": "VCID-aauj-xkdy-mbea", "summary": "libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25125", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25157", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25167", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25205", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26665", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26542", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2661", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2666", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2662", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26562", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27858", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30199", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30152", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109123", "reference_id": "1109123", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109123" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/139", "reference_id": "139", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379228", "reference_id": "2379228", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379228" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7424", "reference_id": "CVE-2025-7424", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7424" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:12345", "reference_id": "RHBA-2025:12345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:12345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11015", "reference_id": "RHSA-2026:11015", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11015" }, { "reference_url": "https://usn.ubuntu.com/7945-1/", "reference_id": "USN-7945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995128?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-7424" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aauj-xkdy-mbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70781?format=api", "vulnerability_id": "VCID-jaep-1ut3-9qan", "summary": "libxslt: Use-After-Free in libxslt numbers.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15193", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15404", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15187", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15473", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15277", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15365", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15377", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24873", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2493", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24918", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25296", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566", "reference_id": "1100566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483", "reference_id": "2352483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3107", "reference_id": "RHSA-2025:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3389", "reference_id": "RHSA-2025:3389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3528", "reference_id": "RHSA-2025:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7361-1/", "reference_id": "USN-7361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7361-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995128?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u3" } ], "aliases": [ "CVE-2025-24855" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jaep-1ut3-9qan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10993?format=api", "vulnerability_id": "VCID-nxyn-eknv-tqbf", "summary": "Use After Free\nUse after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24409", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24291", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24597", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24306", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24421", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24446", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24537", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24478", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24479", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24451", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24436", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30560" }, { "reference_url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "reference_url": "https://crbug.com/1219209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crbug.com/1219209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5216", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5216" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079", "reference_id": "990079", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079" }, { "reference_url": "https://security.archlinux.org/ASA-202107-30", "reference_id": "ASA-202107-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-30" }, { "reference_url": "https://security.archlinux.org/ASA-202107-31", "reference_id": "ASA-202107-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-31" }, { "reference_url": "https://security.archlinux.org/AVG-2166", "reference_id": "AVG-2166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2166" }, { "reference_url": "https://security.archlinux.org/AVG-2167", "reference_id": "AVG-2167", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", "reference_id": "CVE-2021-30560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560" }, { "reference_url": "https://github.com/advisories/GHSA-59gp-qqm7-cw4j", "reference_id": "GHSA-59gp-qqm7-cw4j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59gp-qqm7-cw4j" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2", "reference_id": "GHSA-fq42-c5rg-92c2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2" }, { "reference_url": "https://security.gentoo.org/glsa/202107-49", "reference_id": "GLSA-202107-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-49" }, { "reference_url": "https://security.gentoo.org/glsa/202310-23", "reference_id": "GLSA-202310-23", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202310-23" }, { "reference_url": "https://usn.ubuntu.com/5575-1/", "reference_id": "USN-5575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-1/" }, { "reference_url": "https://usn.ubuntu.com/5575-2/", "reference_id": "USN-5575-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995127?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1" } ], "aliases": [ "CVE-2021-30560", "GHSA-59gp-qqm7-cw4j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxyn-eknv-tqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55120?format=api", "vulnerability_id": "VCID-sxp3-vtcq-pugw", "summary": "Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability\nIn xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.\n\nNokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89206", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89141", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89143", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89167", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89177", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89173", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89184", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89183", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89179", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89196", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89202", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200416-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200416-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768", "reference_id": "1770768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646", "reference_id": "942646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646" }, { "reference_url": "https://security.archlinux.org/ASA-202002-3", "reference_id": "ASA-202002-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-3" }, { "reference_url": "https://security.archlinux.org/AVG-1092", "reference_id": "AVG-1092", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1092" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-242x-7cm6-4w8j", "reference_id": "GHSA-242x-7cm6-4w8j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-242x-7cm6-4w8j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "USN-4164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4164-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995127?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18197", "GHSA-242x-7cm6-4w8j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxp3-vtcq-pugw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78065?format=api", "vulnerability_id": "VCID-wdxa-4bjj-7fe5", "summary": "libxslt: Processing web content may disclose sensitive information", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30416", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30597", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30708", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30676", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33181", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3353", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33465", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33501", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33476", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33262", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/10", "reference_id": "10", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/10" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074", "reference_id": "1108074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349766", "reference_id": "2349766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349766" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/3" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/4" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/5" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/6" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/8" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/9" }, { "reference_url": "https://support.apple.com/en-us/HT213927", "reference_id": "HT213927", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213927" }, { "reference_url": "https://support.apple.com/en-us/HT213931", "reference_id": "HT213931", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213931" }, { "reference_url": "https://support.apple.com/en-us/HT213932", "reference_id": "HT213932", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213932" }, { "reference_url": "https://support.apple.com/en-us/HT213936", "reference_id": "HT213936", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213936" }, { "reference_url": "https://support.apple.com/en-us/HT213937", "reference_id": "HT213937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213937" }, { "reference_url": "https://support.apple.com/en-us/HT213938", "reference_id": "HT213938", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213938" }, { "reference_url": "https://support.apple.com/en-us/HT213940", "reference_id": "HT213940", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8676", "reference_id": "RHSA-2025:8676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9016", "reference_id": "RHSA-2025:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6266", "reference_id": "RHSA-2026:6266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6499", "reference_id": "RHSA-2026:6499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7335", "reference_id": "RHSA-2026:7335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://usn.ubuntu.com/7600-1/", "reference_id": "USN-7600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7600-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995128?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u3" } ], "aliases": [ "CVE-2023-40403" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdxa-4bjj-7fe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70782?format=api", "vulnerability_id": "VCID-z7hh-qpzy-c7b2", "summary": "libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15498", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15886", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15824", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15811", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15992", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27966", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28156", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00106", "scoring_system": "epss", "scoring_elements": "0.28623", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565", "reference_id": "1100565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484", "reference_id": "2352484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3613", "reference_id": "RHSA-2025:3613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3614", "reference_id": "RHSA-2025:3614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4025", "reference_id": "RHSA-2025:4025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7410", "reference_id": "RHSA-2025:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7357-1/", "reference_id": "USN-7357-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7357-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995128?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u3" } ], "aliases": [ "CVE-2024-55549" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7hh-qpzy-c7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42308?format=api", "vulnerability_id": "VCID-zwzs-qztz-wbfj", "summary": "Multiple vulnerabilities have been found in Chromium and Google\n Chrome, the worst of which could allow remote attackers to execute\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29204", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29269", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29384", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29497", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29723", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29606", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29643", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29543", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29542", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29601", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29646", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815" }, { "reference_url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/2630" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905", "reference_id": "1702905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905" }, { "reference_url": "https://security.archlinux.org/ASA-201904-12", "reference_id": "ASA-201904-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-12" }, { "reference_url": "https://security.archlinux.org/AVG-952", "reference_id": "AVG-952", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-952" }, { "reference_url": "https://github.com/advisories/GHSA-vmfx-gcfq-wvm2", "reference_id": "GHSA-vmfx-gcfq-wvm2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmfx-gcfq-wvm2" }, { "reference_url": "https://security.gentoo.org/glsa/201908-18", "reference_id": "GLSA-201908-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1021", "reference_id": "RHSA-2019:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1021" }, { "reference_url": "https://usn.ubuntu.com/5575-1/", "reference_id": "USN-5575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-1/" }, { "reference_url": "https://usn.ubuntu.com/5575-2/", "reference_id": "USN-5575-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/995127?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-gz4b-hjbg-pyfz" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-qpxw-q3mc-xfhz" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1" } ], "aliases": [ "CVE-2019-5815", "GHSA-vmfx-gcfq-wvm2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwzs-qztz-wbfj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10824?format=api", "vulnerability_id": "VCID-96v6-vs1m-skf3", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77101", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77135", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77128", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77093", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77103", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77228", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77235", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77245", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77292", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77313", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01027", "scoring_system": "epss", "scoring_elements": "0.77285", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/38", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5197371471822848", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/25", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/41", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/42", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "reference_url": "https://support.apple.com/kb/HT210346", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210346" }, { "reference_url": "https://support.apple.com/kb/HT210348", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210348" }, { "reference_url": "https://support.apple.com/kb/HT210351", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210351" }, { "reference_url": "https://support.apple.com/kb/HT210353", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210353" }, { "reference_url": "https://support.apple.com/kb/HT210356", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210356" }, { "reference_url": "https://support.apple.com/kb/HT210357", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210357" }, { "reference_url": "https://support.apple.com/kb/HT210358", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210358" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541", "reference_id": "1728541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320", "reference_id": "931320", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118", "reference_id": "CVE-2019-13118", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118" }, { "reference_url": "https://github.com/advisories/GHSA-cf46-6xxh-pc75", "reference_id": "GHSA-cf46-6xxh-pc75", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cf46-6xxh-pc75" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "USN-4164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4164-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051222?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-nxyn-eknv-tqbf" }, { "vulnerability": "VCID-sxp3-vtcq-pugw" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" }, { "vulnerability": "VCID-zwzs-qztz-wbfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1" } ], "aliases": [ "CVE-2019-13118", "GHSA-cf46-6xxh-pc75" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96v6-vs1m-skf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10565?format=api", "vulnerability_id": "VCID-tdt5-asvh-ryaa", "summary": "Bypass of a protection mechanism in libxslt\nThe libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78374", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78358", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78319", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78324", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.783", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78317", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78291", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78259", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78246", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01127", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1892", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1892" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/1898" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "reference_url": "https://usn.ubuntu.com/3947-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-1" }, { "reference_url": "https://usn.ubuntu.com/3947-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3947-1/" }, { "reference_url": "https://usn.ubuntu.com/3947-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-2" }, { "reference_url": "https://usn.ubuntu.com/3947-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3947-2/" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697", "reference_id": "1709697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895", "reference_id": "926895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2019-11068" }, { "reference_url": "https://github.com/advisories/GHSA-qxcg-xjjg-66mj", "reference_id": "GHSA-qxcg-xjjg-66mj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxcg-xjjg-66mj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051222?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-nxyn-eknv-tqbf" }, { "vulnerability": "VCID-sxp3-vtcq-pugw" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" }, { "vulnerability": "VCID-zwzs-qztz-wbfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1" } ], "aliases": [ "CVE-2019-11068", "GHSA-qxcg-xjjg-66mj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdt5-asvh-ryaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10825?format=api", "vulnerability_id": "VCID-txm2-sdc1-7uch", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.89009", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.8899", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.88988", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.88984", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.89001", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89072", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89066", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89078", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04457", "scoring_system": "epss", "scoring_elements": "0.89074", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5631739747106816", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546", "reference_id": "1728546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321", "reference_id": "931321", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117", "reference_id": "CVE-2019-13117", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117" }, { "reference_url": "https://github.com/advisories/GHSA-4hm9-844j-jmxp", "reference_id": "GHSA-4hm9-844j-jmxp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hm9-844j-jmxp" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "USN-4164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4164-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051222?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aauj-xkdy-mbea" }, { "vulnerability": "VCID-jaep-1ut3-9qan" }, { "vulnerability": "VCID-nxyn-eknv-tqbf" }, { "vulnerability": "VCID-sxp3-vtcq-pugw" }, { "vulnerability": "VCID-wdxa-4bjj-7fe5" }, { "vulnerability": "VCID-z7hh-qpzy-c7b2" }, { "vulnerability": "VCID-zwzs-qztz-wbfj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1" } ], "aliases": [ "CVE-2019-13117", "GHSA-4hm9-844j-jmxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txm2-sdc1-7uch" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1" }