Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/3616?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3616?format=api", "vulnerability_id": "VCID-7jb6-q4x1-cfbw", "summary": "xml_parse() DTD validation can be used to read arbitrary filesmore details", "aliases": [ { "alias": "CVE-2012-3489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72082?format=api", "purl": "pkg:ebuild/dev-db/postgresql-server@9.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/postgresql-server@9.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/429?format=api", "purl": "pkg:generic/postgresql@8.3.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/428?format=api", "purl": "pkg:generic/postgresql@8.4.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/427?format=api", "purl": "pkg:generic/postgresql@9.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/426?format=api", "purl": "pkg:generic/postgresql@9.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.1.5" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/334?format=api", "purl": "pkg:generic/postgresql@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qsp-wvwq-j3f5" }, { "vulnerability": "VCID-1uzm-h9m3-akge" }, { "vulnerability": "VCID-2nve-471m-17h6" }, { "vulnerability": "VCID-35a3-5eq3-8bep" }, { "vulnerability": "VCID-666x-ret3-xufr" }, { "vulnerability": "VCID-6dmy-t1qp-nuf3" }, { "vulnerability": "VCID-6mck-xykx-yuba" }, { "vulnerability": "VCID-721k-9zdg-buhv" }, { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-7q99-jk4u-1fen" }, { "vulnerability": "VCID-811b-x31n-tfch" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" }, { "vulnerability": "VCID-c8ch-zd9x-kufn" }, { "vulnerability": "VCID-cffd-gdpc-uqeb" }, { "vulnerability": "VCID-quqr-bg9k-7yb5" }, { "vulnerability": "VCID-s8a2-wbb4-dyda" }, { "vulnerability": "VCID-u5h4-4p6j-wbay" }, { "vulnerability": "VCID-v69z-cmag-xfaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/335?format=api", "purl": "pkg:generic/postgresql@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uzm-h9m3-akge" }, { "vulnerability": "VCID-2nve-471m-17h6" }, { "vulnerability": "VCID-35a3-5eq3-8bep" }, { "vulnerability": "VCID-666x-ret3-xufr" }, { "vulnerability": "VCID-6mck-xykx-yuba" }, { "vulnerability": "VCID-721k-9zdg-buhv" }, { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-7q99-jk4u-1fen" }, { "vulnerability": "VCID-811b-x31n-tfch" }, { "vulnerability": "VCID-8cbh-gwwy-n3eq" }, { "vulnerability": "VCID-8j4f-u2tq-1qev" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" }, { "vulnerability": "VCID-c8ch-zd9x-kufn" }, { "vulnerability": "VCID-cffd-gdpc-uqeb" }, { "vulnerability": "VCID-g4tm-8zhw-a7hn" }, { "vulnerability": "VCID-kbgc-w2jw-auh8" }, { "vulnerability": "VCID-nz16-gzhk-h3c1" }, { "vulnerability": "VCID-pvxg-byvu-pbec" }, { "vulnerability": "VCID-quqr-bg9k-7yb5" }, { "vulnerability": "VCID-reab-s9cu-yudn" }, { "vulnerability": "VCID-s8a2-wbb4-dyda" }, { "vulnerability": "VCID-u5h4-4p6j-wbay" }, { "vulnerability": "VCID-ux6m-dn6j-37dc" }, { "vulnerability": "VCID-v69z-cmag-xfaf" }, { "vulnerability": "VCID-w518-wkek-97ag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@8.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/267?format=api", "purl": "pkg:generic/postgresql@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qap-rdxz-4uer" }, { "vulnerability": "VCID-2nve-471m-17h6" }, { "vulnerability": "VCID-35a3-5eq3-8bep" }, { "vulnerability": "VCID-625c-amyd-dybm" }, { "vulnerability": "VCID-666x-ret3-xufr" }, { "vulnerability": "VCID-6mck-xykx-yuba" }, { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-7q99-jk4u-1fen" }, { "vulnerability": "VCID-811b-x31n-tfch" }, { "vulnerability": "VCID-8cbh-gwwy-n3eq" }, { "vulnerability": "VCID-8j4f-u2tq-1qev" }, { "vulnerability": "VCID-a3sh-4t1e-tbh4" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" }, { "vulnerability": "VCID-bqag-mh3g-fqe7" }, { "vulnerability": "VCID-f976-dd3s-fuc8" }, { "vulnerability": "VCID-fd5z-bj21-m3a5" }, { "vulnerability": "VCID-g4tm-8zhw-a7hn" }, { "vulnerability": "VCID-k38h-5crc-u3hr" }, { "vulnerability": "VCID-kbgc-w2jw-auh8" }, { "vulnerability": "VCID-mebz-9qb7-5bd2" }, { "vulnerability": "VCID-n3ka-63rx-5fgk" }, { "vulnerability": "VCID-nz16-gzhk-h3c1" }, { "vulnerability": "VCID-pvxg-byvu-pbec" }, { "vulnerability": "VCID-quqr-bg9k-7yb5" }, { "vulnerability": "VCID-raqj-ezua-skeb" }, { "vulnerability": "VCID-reab-s9cu-yudn" }, { "vulnerability": "VCID-ux6m-dn6j-37dc" }, { "vulnerability": "VCID-w518-wkek-97ag" }, { "vulnerability": "VCID-zbj3-7xug-43f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/249?format=api", "purl": "pkg:generic/postgresql@9.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qap-rdxz-4uer" }, { "vulnerability": "VCID-2nve-471m-17h6" }, { "vulnerability": "VCID-35a3-5eq3-8bep" }, { "vulnerability": "VCID-625c-amyd-dybm" }, { "vulnerability": "VCID-6mck-xykx-yuba" }, { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-811b-x31n-tfch" }, { "vulnerability": "VCID-8bu8-zpfv-8bgg" }, { "vulnerability": "VCID-8cbh-gwwy-n3eq" }, { "vulnerability": "VCID-8j4f-u2tq-1qev" }, { "vulnerability": "VCID-9b6v-1bt1-dfgy" }, { "vulnerability": "VCID-a3sh-4t1e-tbh4" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" }, { "vulnerability": "VCID-bqag-mh3g-fqe7" }, { "vulnerability": "VCID-f976-dd3s-fuc8" }, { "vulnerability": "VCID-fd5z-bj21-m3a5" }, { "vulnerability": "VCID-g4tm-8zhw-a7hn" }, { "vulnerability": "VCID-k38h-5crc-u3hr" }, { "vulnerability": "VCID-kbgc-w2jw-auh8" }, { "vulnerability": "VCID-mebz-9qb7-5bd2" }, { "vulnerability": "VCID-n3ka-63rx-5fgk" }, { "vulnerability": "VCID-nz16-gzhk-h3c1" }, { "vulnerability": "VCID-pvxg-byvu-pbec" }, { "vulnerability": "VCID-quqr-bg9k-7yb5" }, { "vulnerability": "VCID-raqj-ezua-skeb" }, { "vulnerability": "VCID-reab-s9cu-yudn" }, { "vulnerability": "VCID-skb5-eeak-v7hz" }, { "vulnerability": "VCID-t864-ytjh-nyg1" }, { "vulnerability": "VCID-ux6m-dn6j-37dc" }, { "vulnerability": "VCID-w518-wkek-97ag" }, { "vulnerability": "VCID-z4t8-c8vc-ayhd" }, { "vulnerability": "VCID-zbj3-7xug-43f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/postgresql@9.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/125851?format=api", "purl": "pkg:rpm/redhat/postgresql@8.4.13-1?arch=el6_3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql@8.4.13-1%3Farch=el6_3" }, { "url": "http://public2.vulnerablecode.io/api/packages/125850?format=api", "purl": "pkg:rpm/redhat/postgresql84@8.4.13-1?arch=el5_8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7jb6-q4x1-cfbw" }, { "vulnerability": "VCID-bdq4-br3j-7kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/postgresql84@8.4.13-1%3Farch=el5_8" } ], "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3489.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3489.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76604", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76554", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76373", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76376", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76406", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.7642", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76434", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76459", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76437", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76472", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76462", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76503", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76515", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76502", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76531", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76549", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76537", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3489" }, { "reference_url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2" }, { "reference_url": "http://secunia.com/advisories/50635", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50635" }, { "reference_url": "http://secunia.com/advisories/50718", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50718" }, { "reference_url": "http://secunia.com/advisories/50859", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50859" }, { "reference_url": "http://secunia.com/advisories/50946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50946" }, { "reference_url": "https://www.postgresql.org/support/security/CVE-2012-3489/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.postgresql.org/support/security/CVE-2012-3489/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2534", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2534" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139" }, { "reference_url": "http://www.postgresql.org/about/news/1407/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/about/news/1407/" }, { "reference_url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html" }, { "reference_url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html" }, { "reference_url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html" }, { "reference_url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html" }, { "reference_url": "http://www.postgresql.org/support/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.postgresql.org/support/security/" }, { "reference_url": "http://www.securityfocus.com/bid/55074", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55074" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1542-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1542-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173", "reference_id": "849173", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3489", "reference_id": "CVE-2012-3489", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3489" }, { "reference_url": "https://security.gentoo.org/glsa/201209-24", "reference_id": "GLSA-201209-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1263", "reference_id": "RHSA-2012:1263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1263" }, { "reference_url": "https://usn.ubuntu.com/1542-1/", "reference_id": "USN-1542-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1542-1/" } ], "weaknesses": [ { "cwe_id": 611, "name": "Improper Restriction of XML External Entity Reference", "description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output." } ], "exploits": [], "severity_range_score": "4.0 - 6.5", "exploitability": "0.5", "weighted_severity": "5.9", "risk_score": 3.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jb6-q4x1-cfbw" }