{"url":"http://public2.vulnerablecode.io/api/packages/262729?format=json","purl":"pkg:rpm/redhat/lshw@B.02.16-4?arch=el6cf","type":"rpm","namespace":"redhat","name":"lshw","version":"B.02.16-4","qualifiers":{"arch":"el6cf"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69993?format=json","vulnerability_id":"VCID-1fjj-5577-g7b6","summary":"postgresql: Improper user privilege check for on-line backups","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1901.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1901","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44009","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2013-1901/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2013-1901/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929328","reference_id":"929328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929328"},{"reference_url":"https://security.gentoo.org/glsa/201408-15","reference_id":"GLSA-201408-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-15"},{"reference_url":"https://usn.ubuntu.com/1789-1/","reference_id":"USN-1789-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1789-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1901"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fjj-5577-g7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27165?format=json","vulnerability_id":"VCID-7fe5-pa3v-wfcq","summary":"actionmailer email address processing causes Denial of service\nMultiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4389","reference_id":"","reference_type":"","scores":[{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80273","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/118","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q4/118"},{"reference_url":"https://github.com/advisories/GHSA-rg5m-3fqp-6px8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg5m-3fqp-6px8"},{"reference_url":"https://github.com/rails/rails/tree/main/actionmailer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/tree/main/actionmailer"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4389","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4389"},{"reference_url":"https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ"},{"reference_url":"http://www.debian.org/security/2014/dsa-2887","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2887"},{"reference_url":"http://www.debian.org/security/2014/dsa-2888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013913","reference_id":"1013913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013913"}],"fixed_packages":[],"aliases":["CVE-2013-4389","GHSA-rg5m-3fqp-6px8","OSV-98629"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fe5-pa3v-wfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26951?format=json","vulnerability_id":"VCID-8wpy-hzah-7bbx","summary":"i18n gem Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2015:1100","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2015:1100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0320","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0380","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0380"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4492","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4492"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4492","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63682","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4492"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1039435","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1039435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492"},{"reference_url":"https://github.com/advisories/GHSA-r5hc-9xx5-97rw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5hc-9xx5-97rw"},{"reference_url":"https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml"},{"reference_url":"https://github.com/svenfuchs/i18n","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/i18n"},{"reference_url":"https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4492","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4492"},{"reference_url":"https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"},{"reference_url":"https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210731082547/http://www.securityfocus.com/bid/64076"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released"},{"reference_url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","reference_id":"","reference_type":"","scores":[],"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2830"},{"reference_url":"http://www.securityfocus.com/bid/64076","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64076"}],"fixed_packages":[],"aliases":["CVE-2013-4492","GHSA-r5hc-9xx5-97rw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wpy-hzah-7bbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69306?format=json","vulnerability_id":"VCID-evqu-59v5-eugz","summary":"2: miq_policy/explorer SQL injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2050.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2050.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2050","reference_id":"","reference_type":"","scores":[{"value":"0.54161","scoring_system":"epss","scoring_elements":"0.98058","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=959062","reference_id":"959062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=959062"}],"fixed_packages":[],"aliases":["CVE-2013-2050"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evqu-59v5-eugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69303?format=json","vulnerability_id":"VCID-fa3q-atht-yyby","summary":"CloudForms: user password stored in recoverable format","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4423.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4423","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28086","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4423"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1018345","reference_id":"1018345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1018345"}],"fixed_packages":[],"aliases":["CVE-2013-4423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa3q-atht-yyby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69304?format=json","vulnerability_id":"VCID-mkzc-mzbs-j7a4","summary":"EVM: CSRF","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0185.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0185","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27037","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895345","reference_id":"895345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895345"}],"fixed_packages":[],"aliases":["CVE-2013-0185"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkzc-mzbs-j7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69989?format=json","vulnerability_id":"VCID-pcwn-epdn-rycp","summary":"postgresql: Insecure switch parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1899.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1899.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1899","reference_id":"","reference_type":"","scores":[{"value":"0.81124","scoring_system":"epss","scoring_elements":"0.99181","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2013-1899/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2013-1899/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929223","reference_id":"929223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929223"},{"reference_url":"https://security.gentoo.org/glsa/201408-15","reference_id":"GLSA-201408-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-15"},{"reference_url":"https://usn.ubuntu.com/1789-1/","reference_id":"USN-1789-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1789-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcwn-epdn-rycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26725?format=json","vulnerability_id":"VCID-q5d6-ke65-hfhz","summary":"sprockets vulnerable to Path Traversal\nMultiple directory traversal vulnerabilities in `server.rb` in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00103.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00105.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00110.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00111.html"},{"reference_url":"https://access.redhat.com/errata/RHBA-2015:1100","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHBA-2015:1100"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-7819","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-7819"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7819","reference_id":"","reference_type":"","scores":[{"value":"0.00748","scoring_system":"epss","scoring_elements":"0.73402","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7819"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1161527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7819"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/doAVp0YaTqY/aHFngBqNBoAJ"},{"reference_url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wQBeGXqGs3E/JqUMB6fhh3gJ"},{"reference_url":"https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7819","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7819"},{"reference_url":"https://github.com/advisories/GHSA-33pp-3763-mrfp","reference_id":"GHSA-33pp-3763-mrfp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33pp-3763-mrfp"}],"fixed_packages":[],"aliases":["CVE-2014-7819","GHSA-33pp-3763-mrfp","OSV-113965"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5d6-ke65-hfhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69305?format=json","vulnerability_id":"VCID-qccg-84r5-3kfe","summary":"2: static secret_token.rb value","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2049.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2049.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2049","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36597","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2049"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=959041","reference_id":"959041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=959041"}],"fixed_packages":[],"aliases":["CVE-2013-2049"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qccg-84r5-3kfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68358?format=json","vulnerability_id":"VCID-rnfp-d84q-wfec","summary":"CFME: dangerous send method in performance.rb","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3642","reference_id":"","reference_type":"","scores":[{"value":"0.00534","scoring_system":"epss","scoring_elements":"0.67674","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092894","reference_id":"1092894","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092894"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1317","reference_id":"RHSA-2014:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1317"}],"fixed_packages":[],"aliases":["CVE-2014-3642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnfp-d84q-wfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68357?format=json","vulnerability_id":"VCID-sj4p-amym-zqer","summary":"CFME: default routes expose controllers and actions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0140","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47694","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077359","reference_id":"1077359","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077359"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1317","reference_id":"RHSA-2014:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1317"}],"fixed_packages":[],"aliases":["CVE-2014-0140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sj4p-amym-zqer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69535?format=json","vulnerability_id":"VCID-trh3-sdvx-4uga","summary":"interface: Ruby code injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4172.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4172","reference_id":"","reference_type":"","scores":[{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68509","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4172"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=988644","reference_id":"988644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=988644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1157","reference_id":"RHSA-2013:1157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1157"}],"fixed_packages":[],"aliases":["CVE-2013-4172"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trh3-sdvx-4uga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27173?format=json","vulnerability_id":"VCID-u5nz-nn6j-8fhm","summary":"rest-client allows local users to obtain sensitive information by reading the log\nREST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3448","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20495","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448"},{"reference_url":"https://github.com/rest-client/rest-client","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rest-client/rest-client"},{"reference_url":"https://github.com/rest-client/rest-client/issues/349","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rest-client/rest-client/issues/349"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3448","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3448"},{"reference_url":"https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228154247/http://www.securityfocus.com/bid/74415"},{"reference_url":"http://www.osvdb.org/show/osvdb/117461","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/show/osvdb/117461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1240982","reference_id":"1240982","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1240982"},{"reference_url":"https://github.com/advisories/GHSA-mx9f-w8qq-q5jf","reference_id":"GHSA-mx9f-w8qq-q5jf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mx9f-w8qq-q5jf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[],"aliases":["CVE-2015-3448","GHSA-mx9f-w8qq-q5jf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5nz-nn6j-8fhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69991?format=json","vulnerability_id":"VCID-u831-s7tv-d7cf","summary":"postgresql: Improper randomization of pgcrypto functions (requiring random seed)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1900.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1900","reference_id":"","reference_type":"","scores":[{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.6876","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901"},{"reference_url":"https://www.postgresql.org/support/security/CVE-2013-1900/","reference_id":"","reference_type":"","scores":[],"url":"https://www.postgresql.org/support/security/CVE-2013-1900/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=929255","reference_id":"929255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=929255"},{"reference_url":"https://security.gentoo.org/glsa/201408-15","reference_id":"GLSA-201408-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1475","reference_id":"RHSA-2013:1475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1475"},{"reference_url":"https://usn.ubuntu.com/1789-1/","reference_id":"USN-1789-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1789-1/"}],"fixed_packages":[],"aliases":["CVE-2013-1900"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u831-s7tv-d7cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47259?format=json","vulnerability_id":"VCID-w33m-yjha-ckap","summary":"rest-client Gem Vulnerable to Session Fixation\nREST client for Ruby (aka rest-client) versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1820","reference_id":"","reference_type":"","scores":[{"value":"0.03723","scoring_system":"epss","scoring_elements":"0.8818","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1820"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205291","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1205291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1820"},{"reference_url":"https://github.com/rest-client/rest-client","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rest-client/rest-client"},{"reference_url":"https://github.com/rest-client/rest-client/issues/369","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rest-client/rest-client/issues/369"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1820","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1820"},{"reference_url":"https://rubygems.org/gems/rest-client/versions/1.6.1.a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/rest-client/versions/1.6.1.a"},{"reference_url":"https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228080106/http://www.securityfocus.com/bid/73295"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/03/24/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/03/24/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238","reference_id":"781238","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781238"},{"reference_url":"https://github.com/advisories/GHSA-3fhf-6939-qg8p","reference_id":"GHSA-3fhf-6939-qg8p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3fhf-6939-qg8p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1313","reference_id":"RHSA-2021:1313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1313"}],"fixed_packages":[],"aliases":["CVE-2015-1820","GHSA-3fhf-6939-qg8p","OSV-119878"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w33m-yjha-ckap"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/lshw@B.02.16-4%3Farch=el6cf"}