VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1px9-q7g4-aaan

Essentials
Severities (143)
References (76)
Severity details (51)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-1px9-q7g4-aaan
Aliases	CVE-2019-11068 GHSA-qxcg-xjjg-66mj
Summary	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-284	Improper Access Control

System	Score	Found at
cvssv3.1	9.8	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
generic_textual	CRITICAL	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
cvssv3.1	9.8	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
generic_textual	CRITICAL	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
cvssv3.1	9.8	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
generic_textual	CRITICAL	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11068.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4005
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4464
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00275	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00350	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.00522	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.01109	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
epss	0.02491	https://api.first.org/data/v1/epss?cve=CVE-2019-11068
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1709697
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
cvssv3	6.6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-qxcg-xjjg-66mj
cvssv3.1	9.8	https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
generic_textual	CRITICAL	https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
cvssv3.1	9.8	https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
generic_textual	CRITICAL	https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
cvssv3	9.8	https://github.com/sparklemotion/nokogiri/issues/1892
cvssv3.1	9.8	https://github.com/sparklemotion/nokogiri/issues/1892
generic_textual	CRITICAL	https://github.com/sparklemotion/nokogiri/issues/1892
cvssv3.1	9.8	https://github.com/sparklemotion/nokogiri/pull/1898
generic_textual	CRITICAL	https://github.com/sparklemotion/nokogiri/pull/1898
cvssv3.1	9.8	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
generic_textual	CRITICAL	https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-11068
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-11068
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-11068
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-11068
cvssv3.1	9.8	https://security.netapp.com/advisory/ntap-20191017-0001
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20191017-0001
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3947-1
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3947-2
cvssv3.1	9.8	https://usn.ubuntu.com/3947-1
generic_textual	CRITICAL	https://usn.ubuntu.com/3947-1
cvssv3.1	9.8	https://usn.ubuntu.com/3947-2
generic_textual	CRITICAL	https://usn.ubuntu.com/3947-2
cvssv3.1	9.8	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
generic_textual	CRITICAL	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2019/04/22/1
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2019/04/22/1
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2019/04/23/5
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2019/04/23/5

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
		http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
		http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11068.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-11068
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
		https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
		https://github.com/sparklemotion/nokogiri/issues/1892
		https://github.com/sparklemotion/nokogiri/pull/1898
		https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
		https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
		https://security.netapp.com/advisory/ntap-20191017-0001
		https://security.netapp.com/advisory/ntap-20191017-0001/
		https://ubuntu.com/security/notices/USN-3947-1
		https://ubuntu.com/security/notices/USN-3947-2
		https://usn.ubuntu.com/3947-1
		https://usn.ubuntu.com/3947-1/
		https://usn.ubuntu.com/3947-2
		https://usn.ubuntu.com/3947-2/
		https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
		http://www.openwall.com/lists/oss-security/2019/04/22/1
		http://www.openwall.com/lists/oss-security/2019/04/23/5
1709697		https://bugzilla.redhat.com/show_bug.cgi?id=1709697
926895		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_backup:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::vmware_vcenter::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::vmware_vcenter::
cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*
cpe:2.3:a:netapp:snapmanager:-:-::::oracle::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-::::oracle::*
cpe:2.3:a:netapp:snapmanager:-:::::sap::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:::::sap::
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
cpe:2.3:a:oracle:jdk:8.0:update_221::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221::::::
cpe:2.3:a:xmlsoft:libxslt::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt::::::::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:fedoraproject:fedora:29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:42.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
CVE-2019-11068		https://nvd.nist.gov/vuln/detail/CVE-2019-11068
CVE-2019-11068		https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
CVE-2019-11068		https://security-tracker.debian.org/tracker/CVE-2019-11068
CVE-2019-11068.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
GHSA-qxcg-xjjg-66mj		https://github.com/advisories/GHSA-qxcg-xjjg-66mj
RHSA-2020:4005		https://access.redhat.com/errata/RHSA-2020:4005
RHSA-2020:4464		https://access.redhat.com/errata/RHSA-2020:4464

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/issues/1892

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/sparklemotion/nokogiri/pull/1898

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11068

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11068

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11068

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-11068

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20191017-0001

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3947-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3947-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2019/04/22/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2019/04/23/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.68729
EPSS Score	0.00275
Published At	Nov. 18, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
		http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
		http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
		http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11068.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-11068
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
		https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
		https://github.com/sparklemotion/nokogiri/issues/1892
		https://github.com/sparklemotion/nokogiri/pull/1898
		https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
		https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
		https://security.netapp.com/advisory/ntap-20191017-0001
		https://security.netapp.com/advisory/ntap-20191017-0001/
		https://ubuntu.com/security/notices/USN-3947-1
		https://ubuntu.com/security/notices/USN-3947-2
		https://usn.ubuntu.com/3947-1
		https://usn.ubuntu.com/3947-1/
		https://usn.ubuntu.com/3947-2
		https://usn.ubuntu.com/3947-2/
		https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
		http://www.openwall.com/lists/oss-security/2019/04/22/1
		http://www.openwall.com/lists/oss-security/2019/04/23/5
1709697		https://bugzilla.redhat.com/show_bug.cgi?id=1709697
926895		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_backup:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::vmware_vcenter::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:::::vmware_vcenter::
cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*
cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*
cpe:2.3:a:netapp:snapmanager:-:-::::oracle::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-::::oracle::*
cpe:2.3:a:netapp:snapmanager:-:::::sap::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:::::sap::
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
cpe:2.3:a:oracle:jdk:8.0:update_221::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221::::::
cpe:2.3:a:xmlsoft:libxslt::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt::::::::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:fedoraproject:fedora:29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:opensuse:leap:42.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
CVE-2019-11068		https://nvd.nist.gov/vuln/detail/CVE-2019-11068
CVE-2019-11068		https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
CVE-2019-11068		https://security-tracker.debian.org/tracker/CVE-2019-11068
CVE-2019-11068.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
GHSA-qxcg-xjjg-66mj		https://github.com/advisories/GHSA-qxcg-xjjg-66mj
RHSA-2020:4005		https://access.redhat.com/errata/RHSA-2020:4005
RHSA-2020:4464		https://access.redhat.com/errata/RHSA-2020:4464