Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/ruby193-rubygem-qpid_messaging@0.30.0-1?arch=el6_6sat

Type rpm

Namespace redhat

Name ruby193-rubygem-qpid_messaging

Version 0.30.0-1

Qualifiers

arch	el6_6sat

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-2nna-s9bv-sycc

vulnerability_id VCID-2nna-s9bv-sycc

summary foreman: lack of SSL certificate validation when performing LDAPS authentication

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1208602
reference_id	1208602
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1208602

fixed_packages

aliases CVE-2015-1816

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nna-s9bv-sycc

url VCID-bumt-76s4-47da

vulnerability_id VCID-bumt-76s4-47da

summary foreman: cross-site scripting (XSS) flaw in template preview screen

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1145398
reference_id	1145398
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1145398

fixed_packages

aliases CVE-2014-3653

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bumt-76s4-47da

url VCID-m7u7-uh4a-8yhe

vulnerability_id VCID-m7u7-uh4a-8yhe

summary foreman: edit_users permission allows changing of admin passwords

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1232366
reference_id	1232366
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1232366

fixed_packages

aliases CVE-2015-3235

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7u7-uh4a-8yhe

url VCID-qjt7-u7kg-4kb9

vulnerability_id VCID-qjt7-u7kg-4kb9

summary foreman: API not scoping resources to taxonomies

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1207589
reference_id	1207589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1207589

fixed_packages

aliases CVE-2015-1844

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjt7-u7kg-4kb9

url VCID-r6rk-smsu-m7d5

vulnerability_id VCID-r6rk-smsu-m7d5

summary foreman: the _session_id cookie is issued without the Secure flag

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1216035
reference_id	1216035
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1216035

fixed_packages

aliases CVE-2015-3155

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6rk-smsu-m7d5

url VCID-u4r1-a2p1-q7cm

vulnerability_id VCID-u4r1-a2p1-q7cm

summary rhn_satellite_6: cross-site request forgery (CSRF) can force logout

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1128108
reference_id	1128108
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1128108

fixed_packages

aliases CVE-2014-3590

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4r1-a2p1-q7cm

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-rubygem-qpid_messaging@0.30.0-1%3Farch=el6_6sat

Package Instance