var-201311-0106
Vulnerability from variot
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. Following versions are vulnerable: Ruby 1.8 Ruby 1.9 prior to 1.9.3-p484 Ruby 2.0 prior to 2.0.0-p353 Ruby 2.1 prior to 2.1.0 preview2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-04-22-1 Security Update 2014-002
Security Update 2014-002 is now available and addresses the following:
CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
CoreServicesUIAgent Available for: OS X Mavericks v10.9.2 Impact: Visiting a maliciously crafted website or URL may result in an unexpected application termination or arbitrary code execution Description: A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra
FontParser Available for: OS X Mountain Lion v10.8.5 Impact: Opening a maliciously crafted PDF file may result in an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of fonts in PDF files. This issue was addressed through additional bounds checking. This issue does not affect OS X Mavericks systems. CVE-ID CVE-2013-5170 : Will Dormann of CERT/CC
Heimdal Kerberos Available for: OS X Mavericks v10.9.2 Impact: A remote attacker may be able to cause a denial of service Description: A reachable abort existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data. CVE-ID CVE-2014-1316 : Joonas Kuorilehto of Codenomicon
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved bounds checking. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of NCC Group
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: A malicious application can take control of the system Description: A validation issue existed in the handling of a pointer from userspace. This issue was addressed through additional validation of pointers. CVE-ID CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
IOKit Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in a XNU object could be retrieved from userland. This issue was addressed through removing the pointer from the object. CVE-ID CVE-2014-1322 : Ian Beer of Google Project Zero
Power Management Available for: OS X Mavericks v10.9.2 Impact: The screen might not lock Description: If a key was pressed or the trackpad touched just after the lid was closed, the system might have tried to wake up while going to sleep, which would have caused the screen to be unlocked. This issue was addressed by ignoring keypresses while going to sleep. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN, Julian Sincu at the Baden-Wuerttemberg Cooperative State University (DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz
Ruby Available for: OS X Mavericks v10.9.2 Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393
Ruby Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an unexpected application termination or arbitrary code execution Description: A heap-based buffer overflow issue existed in Ruby when converting a string to a floating point value. This issue was addressed through additional validation of floating point values. CVE-ID CVE-2013-4164
Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. This issue does not affect Mac OS X 10.7 systems and earlier. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris
WindowServer Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Maliciously crafted applications can execute arbitrary code outside the sandbox Description: WindowServer sessions could be created by sandboxed applications. This issue was addressed by disallowing sandboxed applications from creating WindowServer sessions. CVE-ID CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative
Note: Security Update 2014-002 for OS X Mavericks systems includes the security content of Safari 7.0.3: http://support.apple.com/kb/HT6181
Security Update 2014-002 may be obtained via the Apple Software Update application, and from the Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI 8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a zqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s 4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6 KBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3 85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm +uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5 2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF ZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4 lRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ gYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0 7hmpILk22+6xv6pWCw8D =WWPv -----END PGP SIGNATURE-----
.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
Updated Packages:
Mandriva Enterprise Server 5: 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. These issues were addressed by updating PostgreSQL to version 9.2.7. CVE-ID CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066
Mail Service Available for: OS X Yosemite v10.10 or later Impact: Group SACL changes for Mail may not be respected until after a restart of the Mail service Description: SACL settings for Mail were cached and changes to the SACLs were not respected until after a restart of the Mail service. These issues were addressed by switching from YAML to JSON as Profile Manager's internal serialization format. CVE-ID CVE-2013-4164 CVE-2013-6393
Profile Manager Available for: OS X Yosemite v10.10 or later Impact: A local user may obtain passwords after setting up or editing profiles in Profile Manager Description: In certain circumstances, setting up or editing profiles in Profile Manager may have logged passwords to a file. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: cfme security, bug fix, and enhancement update Advisory ID: RHSA-2014:0215-01 Product: Red Hat CloudForms Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0215.html Issue date: 2014-03-11 CVE Names: CVE-2013-4164 CVE-2014-0057 CVE-2014-0081 CVE-2014-0082 =====================================================================
- Summary:
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0.
The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Management Engine - noarch, x86_64
- Description:
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure.
A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. (CVE-2013-4164)
It was found that Red Hat CloudForms Management Engine did not properly sanitize user-supplied values in the ServiceController. (CVE-2014-0057)
It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user as parameters to the affected helpers. (CVE-2014-0081)
A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected. (CVE-2014-0082)
Red Hat would like to thank the Ruby on Rails Project for reporting CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Red Hat CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the References section.
All users of Red Hat CloudForms are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Package List:
Management Engine:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/cfme-5.2.2.3-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-ruby-1.9.3.448-40.1.el6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-actionpack-3.2.13-5.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-amq-protocol-1.9.2-3.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-bunny-1.0.7-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-excon-0.31.0-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-fog-1.19.0-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-linux_admin-0.7.0-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-more_core_extensions-1.1.2-1.el6cf.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-nokogiri-1.5.6-3.el6cf.src.rpm
noarch: ruby193-ruby-irb-1.9.3.448-40.1.el6.noarch.rpm ruby193-rubygem-actionpack-3.2.13-5.el6cf.noarch.rpm ruby193-rubygem-amq-protocol-1.9.2-3.el6cf.noarch.rpm ruby193-rubygem-amq-protocol-doc-1.9.2-3.el6cf.noarch.rpm ruby193-rubygem-bunny-1.0.7-1.el6cf.noarch.rpm ruby193-rubygem-bunny-doc-1.0.7-1.el6cf.noarch.rpm ruby193-rubygem-excon-0.31.0-1.el6cf.noarch.rpm ruby193-rubygem-fog-1.19.0-1.el6cf.noarch.rpm ruby193-rubygem-linux_admin-0.7.0-1.el6cf.noarch.rpm ruby193-rubygem-more_core_extensions-1.1.2-1.el6cf.noarch.rpm ruby193-rubygems-1.8.23-40.1.el6.noarch.rpm ruby193-rubygems-devel-1.8.23-40.1.el6.noarch.rpm
x86_64: cfme-5.2.2.3-1.el6cf.x86_64.rpm cfme-appliance-5.2.2.3-1.el6cf.x86_64.rpm cfme-debuginfo-5.2.2.3-1.el6cf.x86_64.rpm cfme-lib-5.2.2.3-1.el6cf.x86_64.rpm mingw32-cfme-host-5.2.2.3-1.el6cf.x86_64.rpm ruby193-ruby-1.9.3.448-40.1.el6.x86_64.rpm ruby193-ruby-debuginfo-1.9.3.448-40.1.el6.x86_64.rpm ruby193-ruby-devel-1.9.3.448-40.1.el6.x86_64.rpm ruby193-ruby-libs-1.9.3.448-40.1.el6.x86_64.rpm ruby193-ruby-tcltk-1.9.3.448-40.1.el6.x86_64.rpm ruby193-rubygem-bigdecimal-1.1.0-40.1.el6.x86_64.rpm ruby193-rubygem-io-console-0.3-40.1.el6.x86_64.rpm ruby193-rubygem-nokogiri-1.5.6-3.el6cf.x86_64.rpm ruby193-rubygem-nokogiri-debuginfo-1.5.6-3.el6cf.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-4164.html https://www.redhat.com/security/data/cve/CVE-2014-0057.html https://www.redhat.com/security/data/cve/CVE-2014-0081.html https://www.redhat.com/security/data/cve/CVE-2014-0082.html https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTH0emXlSAg2UNWIIRAiKuAJwL5EJD7SME/nm5B5C6m3SU3QrDAQCdEW3i mWyq+epIWnVm/Pfa1suA2vA= =bQO5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0106",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruby",
"scope": "eq",
"trust": 2.4,
"vendor": "ruby lang",
"version": "1.8"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.0.0"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.2"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "2.1"
},
{
"model": "ruby",
"scope": "eq",
"trust": 1.6,
"vendor": "ruby lang",
"version": "1.9.3"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9.3-p484"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"model": "macos server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x mavericks v10.9.5 or later )"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1.0 preview2"
},
{
"model": "macos server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x yosemite v10.10 or later )"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9.2"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.1"
},
{
"model": "ruby",
"scope": "lt",
"trust": 0.8,
"vendor": "ruby lang",
"version": "1.9"
},
{
"model": "macos server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "4.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"model": "ruby",
"scope": "eq",
"trust": 0.8,
"vendor": "ruby lang",
"version": "2.0.0-p353"
},
{
"model": "matsumoto ruby dev",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.3"
},
{
"model": "matsumoto ruby rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p180",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p136",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p0",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby -rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby p431",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby -p429",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby -p376",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9-1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9"
},
{
"model": "matsumoto ruby -p72",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p71",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p22",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p21",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.7"
},
{
"model": "matsumoto ruby -p287",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p286",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p229",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p114",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.6"
},
{
"model": "matsumoto ruby -p231",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p230",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby -p115",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.5"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.4"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.3"
},
{
"model": "matsumoto ruby pre4",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre2",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby pre1",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.2"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8.1"
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.8"
},
{
"model": "matsumoto ruby 2.1.0-preview1",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p247",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p195",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "2.0"
},
{
"model": "matsumoto ruby 1.9.3-p448",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p426",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p392",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p327",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p0",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby pre3",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.2"
},
{
"model": "matsumoto ruby 1.9.1-p430",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.1-p378",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby",
"scope": "eq",
"trust": 0.3,
"vendor": "yukihiro",
"version": "1.9.0-3"
},
{
"model": "matsumoto ruby 1.8.8dev",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p374",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p357",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p352",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p334",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p330",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p302",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p299",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p249",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p248",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p173",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.7-p160",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p420",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p399",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p388",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p383",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p369",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.8.6-p368",
"scope": null,
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "studio onsite",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "linux enterprise software development kit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "lifecycle management server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "1.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server eus 6.3.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server eus 6.2.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux high availability eus 6.4.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cloudforms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.2"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1"
},
{
"model": "security network protection xgs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "os mavericks",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x2.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "matsumoto ruby 2.1.0-preview2",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 2.0.0-p353",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "matsumoto ruby 1.9.3-p484",
"scope": "ne",
"trust": 0.3,
"vendor": "yukihiro",
"version": null
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.4"
},
{
"model": "os mavericks",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x3.1.2"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x4.0"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ruby-lang:ruby",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Charlie Somerville",
"sources": [
{
"db": "BID",
"id": "63873"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4164",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-4164",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4164",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-4164",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. Ruby is prone to a heap-based buffer overflow vulnerability because it fails to adequate boundary checks on user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application. \nFollowing versions are vulnerable:\nRuby 1.8\nRuby 1.9 prior to 1.9.3-p484\nRuby 2.0 prior to 2.0.0-p353\nRuby 2.1 prior to 2.1.0 preview2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-1 Security Update 2014-002\n\nSecurity Update 2014-002 is now available and addresses the\nfollowing:\n\nCFNetwork HTTPProtocol\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: An attacker in a privileged network position can obtain web\nsite credentials\nDescription: Set-Cookie HTTP headers would be processed even if the\nconnection closed before the header line was complete. An attacker\ncould strip security settings from the cookie by forcing the\nconnection to close before the security settings were sent, and then\nobtain the value of the unprotected cookie. This issue was addressed\nby ignoring incomplete HTTP header lines. \nCVE-ID\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\n\nCoreServicesUIAgent\nAvailable for: OS X Mavericks v10.9.2\nImpact: Visiting a maliciously crafted website or URL may result in\nan unexpected application termination or arbitrary code execution\nDescription: A format string issue existed in the handling of URLs. \nThis issue was addressed through additional validation of URLs. This\nissue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Opening a maliciously crafted PDF file may result in an\nunexpected application termination or arbitrary code execution\nDescription: A buffer underflow existed in the handling of fonts in\nPDF files. This issue was addressed through additional bounds\nchecking. This issue does not affect OS X Mavericks systems. \nCVE-ID\nCVE-2013-5170 : Will Dormann of CERT/CC\n\nHeimdal Kerberos\nAvailable for: OS X Mavericks v10.9.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A reachable abort existed in the handling of ASN.1\ndata. This issue was addressed through additional validation of ASN.1\ndata. \nCVE-ID\nCVE-2014-1316 : Joonas Kuorilehto of Codenomicon\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: Viewing a maliciously crafted JPEG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue existed in ImageIO\u0027s handling\nof JPEG images. This issue was addressed through improved bounds\nchecking. This issue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of\nNCC Group\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: A malicious application can take control of the system\nDescription: A validation issue existed in the handling of a pointer\nfrom userspace. This issue was addressed through additional\nvalidation of pointers. \nCVE-ID\nCVE-2014-1318 : Ian Beer of Google Project Zero working with HP\u0027s\nZero Day Initiative\n\nIOKit Kernel\nAvailable for: OS X Mavericks v10.9.2\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: A set of kernel pointers stored in an IOKit object\ncould be retrieved from userland. This issue was addressed through\nremoving the pointers from the object. \nCVE-ID\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP\u0027s\nZero Day Initiative\n\nKernel\nAvailable for: OS X Mavericks v10.9.2\nImpact: A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription: A kernel pointer stored in a XNU object could be\nretrieved from userland. This issue was addressed through removing\nthe pointer from the object. \nCVE-ID\nCVE-2014-1322 : Ian Beer of Google Project Zero\n\nPower Management\nAvailable for: OS X Mavericks v10.9.2\nImpact: The screen might not lock\nDescription: If a key was pressed or the trackpad touched just after\nthe lid was closed, the system might have tried to wake up while\ngoing to sleep, which would have caused the screen to be unlocked. \nThis issue was addressed by ignoring keypresses while going to sleep. \nThis issue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN,\nJulian Sincu at the Baden-Wuerttemberg Cooperative State University\n(DHBW Stuttgart), Gerben Wierda of R\u0026A, Daniel Luz\n\nRuby\nAvailable for: OS X Mavericks v10.9.2\nImpact: Running a Ruby script that handles untrusted YAML tags may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow issue existed in LibYAML\u0027s handling\nof YAML tags. This issue was addressed through additional validation\nof YAML tags. This issue does not affect systems prior to OS X\nMavericks. \nCVE-ID\nCVE-2013-6393\n\nRuby\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: Running a Ruby script that uses untrusted input to create a\nFloat object may lead to an unexpected application termination or\narbitrary code execution\nDescription: A heap-based buffer overflow issue existed in Ruby when\nconverting a string to a floating point value. This issue was\naddressed through additional validation of floating point values. \nCVE-ID\nCVE-2013-4164\n\nSecurity - Secure Transport\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: An attacker with a privileged network position may capture\ndata or change the operations performed in sessions protected by SSL\nDescription: In a \u0027triple handshake\u0027 attack, it was possible for an\nattacker to establish two connections which had the same encryption\nkeys and handshake, insert the attacker\u0027s data in one connection, and\nrenegotiate so that the connections may be forwarded to each other. \nTo prevent attacks based on this scenario, Secure Transport was\nchanged so that, by default, a renegotiation must present the same\nserver certificate as was presented in the original connection. This\nissue does not affect Mac OS X 10.7 systems and earlier. \nCVE-ID\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\nAlfredo Pironti of Prosecco at Inria Paris\n\nWindowServer\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact: Maliciously crafted applications can execute arbitrary code\noutside the sandbox\nDescription: WindowServer sessions could be created by sandboxed\napplications. This issue was addressed by disallowing sandboxed\napplications from creating WindowServer sessions. \nCVE-ID\nCVE-2014-1314 : KeenTeam working with HP\u0027s Zero Day Initiative\n\nNote: Security Update 2014-002 for OS X Mavericks systems includes\nthe security content of Safari 7.0.3:\nhttp://support.apple.com/kb/HT6181\n\nSecurity Update 2014-002 may be obtained via the Apple Software\nUpdate application, and from the Apple\u0027s Software Downloads web\nsite: http://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI\n8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a\nzqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s\n4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6\nKBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3\n85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm\n+uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5\n2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF\nZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4\nlRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ\ngYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0\n7hmpILk22+6xv6pWCw8D\n=WWPv\n-----END PGP SIGNATURE-----\n\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 1294917053856fc539899d0b44ad0dbc mes5/i586/ruby-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 3f2db72bc1631e542779316343e966c4 mes5/i586/ruby-devel-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 39cfc6c4609fcc57176672475790b32b mes5/i586/ruby-doc-1.8.7-7p72.7mdvmes5.2.i586.rpm\n 0ec33b39a54d3bdf697f45da9f89e47a mes5/i586/ruby-tk-1.8.7-7p72.7mdvmes5.2.i586.rpm \n fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n a931882acf32d122e07627496390d938 mes5/x86_64/ruby-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n b501426a2e620f092bbb599859250cbe mes5/x86_64/ruby-devel-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n ff3c3946cadf9572f9a9156ce1acc4d1 mes5/x86_64/ruby-doc-1.8.7-7p72.7mdvmes5.2.x86_64.rpm\n 7e11dfe3289d721f58692552d2dffe92 mes5/x86_64/ruby-tk-1.8.7-7p72.7mdvmes5.2.x86_64.rpm \n fd07a01ddd78a658dfc153a62031321f mes5/SRPMS/ruby-1.8.7-7p72.7mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 19f50bdda7f4d5298aad37fffcc161d2 mbs1/x86_64/ruby-1.8.7.p358-2.3.mbs1.x86_64.rpm\n cb212eb9e77942130daa03bd00129647 mbs1/x86_64/ruby-devel-1.8.7.p358-2.3.mbs1.x86_64.rpm\n 61727a178644e24a90893fd521beaf26 mbs1/x86_64/ruby-doc-1.8.7.p358-2.3.mbs1.noarch.rpm\n 7c7c74b929d64434f5fac3e9a6a16eac mbs1/x86_64/ruby-tk-1.8.7.p358-2.3.mbs1.x86_64.rpm \n 3b57d1f0167760c15f5a2b7187f9301b mbs1/SRPMS/ruby-1.8.7.p358-2.3.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. These\nissues were addressed by updating PostgreSQL to version 9.2.7. \nCVE-ID\nCVE-2014-0060\nCVE-2014-0061\nCVE-2014-0062\nCVE-2014-0063\nCVE-2014-0064\nCVE-2014-0065\nCVE-2014-0066\n\nMail Service\nAvailable for: OS X Yosemite v10.10 or later\nImpact: Group SACL changes for Mail may not be respected until after\na restart of the Mail service\nDescription: SACL settings for Mail were cached and changes to the\nSACLs were not respected until after a restart of the Mail service. These\nissues were addressed by switching from YAML to JSON as Profile\nManager\u0027s internal serialization format. \nCVE-ID\nCVE-2013-4164\nCVE-2013-6393\n\nProfile Manager\nAvailable for: OS X Yosemite v10.10 or later\nImpact: A local user may obtain passwords after setting up or\nediting profiles in Profile Manager\nDescription: In certain circumstances, setting up or editing\nprofiles in Profile Manager may have logged passwords to a file. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: cfme security, bug fix, and enhancement update\nAdvisory ID: RHSA-2014:0215-01\nProduct: Red Hat CloudForms\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0215.html\nIssue date: 2014-03-11\nCVE Names: CVE-2013-4164 CVE-2014-0057 CVE-2014-0081 \n CVE-2014-0082 \n=====================================================================\n\n1. Summary:\n\nUpdated cfme packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat CloudForms 3.0. \n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nManagement Engine - noarch, x86_64\n\n3. Description:\n\nRed Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure. \n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. \n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers. \n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected. \n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team. \n\nThis update fixes several bugs and adds multiple enhancements. \nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section. \n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Package List:\n\nManagement Engine:\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/cfme-5.2.2.3-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-ruby-1.9.3.448-40.1.el6.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-actionpack-3.2.13-5.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-amq-protocol-1.9.2-3.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-bunny-1.0.7-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-excon-0.31.0-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-fog-1.19.0-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-linux_admin-0.7.0-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-more_core_extensions-1.1.2-1.el6cf.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/CloudForms/SRPMS/ruby193-rubygem-nokogiri-1.5.6-3.el6cf.src.rpm\n\nnoarch:\nruby193-ruby-irb-1.9.3.448-40.1.el6.noarch.rpm\nruby193-rubygem-actionpack-3.2.13-5.el6cf.noarch.rpm\nruby193-rubygem-amq-protocol-1.9.2-3.el6cf.noarch.rpm\nruby193-rubygem-amq-protocol-doc-1.9.2-3.el6cf.noarch.rpm\nruby193-rubygem-bunny-1.0.7-1.el6cf.noarch.rpm\nruby193-rubygem-bunny-doc-1.0.7-1.el6cf.noarch.rpm\nruby193-rubygem-excon-0.31.0-1.el6cf.noarch.rpm\nruby193-rubygem-fog-1.19.0-1.el6cf.noarch.rpm\nruby193-rubygem-linux_admin-0.7.0-1.el6cf.noarch.rpm\nruby193-rubygem-more_core_extensions-1.1.2-1.el6cf.noarch.rpm\nruby193-rubygems-1.8.23-40.1.el6.noarch.rpm\nruby193-rubygems-devel-1.8.23-40.1.el6.noarch.rpm\n\nx86_64:\ncfme-5.2.2.3-1.el6cf.x86_64.rpm\ncfme-appliance-5.2.2.3-1.el6cf.x86_64.rpm\ncfme-debuginfo-5.2.2.3-1.el6cf.x86_64.rpm\ncfme-lib-5.2.2.3-1.el6cf.x86_64.rpm\nmingw32-cfme-host-5.2.2.3-1.el6cf.x86_64.rpm\nruby193-ruby-1.9.3.448-40.1.el6.x86_64.rpm\nruby193-ruby-debuginfo-1.9.3.448-40.1.el6.x86_64.rpm\nruby193-ruby-devel-1.9.3.448-40.1.el6.x86_64.rpm\nruby193-ruby-libs-1.9.3.448-40.1.el6.x86_64.rpm\nruby193-ruby-tcltk-1.9.3.448-40.1.el6.x86_64.rpm\nruby193-rubygem-bigdecimal-1.1.0-40.1.el6.x86_64.rpm\nruby193-rubygem-io-console-0.3-40.1.el6.x86_64.rpm\nruby193-rubygem-nokogiri-1.5.6-3.el6cf.x86_64.rpm\nruby193-rubygem-nokogiri-debuginfo-1.5.6-3.el6cf.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-4164.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0057.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0081.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0082.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/site/documentation/en-US/CloudForms/3.0/html/Management_Engine_5.2_Technical_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTH0emXlSAg2UNWIIRAiKuAJwL5EJD7SME/nm5B5C6m3SU3QrDAQCdEW3i\nmWyq+epIWnVm/Pfa1suA2vA=\n=bQO5\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. \nIt has features to process text files and to perform system management\ntasks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4164"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "BID",
"id": "63873"
},
{
"db": "PACKETSTORM",
"id": "124704"
},
{
"db": "PACKETSTORM",
"id": "126269"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4164",
"trust": 3.3
},
{
"db": "OSVDB",
"id": "100113",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55787",
"trust": 1.6
},
{
"db": "BID",
"id": "63873",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "57376",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95860341",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97537282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124704",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124177",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "PACKETSTORM",
"id": "124704"
},
{
"db": "PACKETSTORM",
"id": "126269"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"id": "VAR-201311-0106",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24090908
},
"last_update_date": "2024-11-29T21:31:01.728000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6207",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6207"
},
{
"title": "HT6248",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6248"
},
{
"title": "HT6536",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6536"
},
{
"title": "HT6207",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6207?viewlocale=ja_JP"
},
{
"title": "HT6248",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6248?viewlocale=ja_JP"
},
{
"title": "HT6536",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6536?viewlocale=ja_JP"
},
{
"title": "DSA-2810",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"title": "openSUSE-SU-2013:1834",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"title": "openSUSE-SU-2013:1835",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"title": "Multiple vulnerabilities in Ruby",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ruby1"
},
{
"title": "Bug 1033460",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033460"
},
{
"title": "RHSA-2014:0215",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"title": "RHSA-2013:1763",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1763.html"
},
{
"title": "RHSA-2013:1764",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1764.html"
},
{
"title": "RHSA-2013:1767",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1767.html"
},
{
"title": "RHSA-2014:0011",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0011.html"
},
{
"title": "Ruby 2.0.0-p353 is released",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"title": "Ruby 1.9.3-p484 is released",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"title": "Heap Overflow in Floating Point Parsing (CVE-2013-4164)",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"title": "CVE-2013-4164 Buffer Errors vulnerability in Ruby",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49037"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49041"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49036"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49040"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49034"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49039"
},
{
"title": "ruby-1.9.3-p484",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49032"
},
{
"title": "ruby-2.0.0-p353",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49038"
},
{
"title": "ruby-2.1.0-preview2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49042"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
},
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"trust": 1.6,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/55787"
},
{
"trust": 1.6,
"url": "http://osvdb.org/100113"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0011.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1763.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0215.html"
},
{
"trust": 1.3,
"url": "https://support.apple.com/kb/ht6536"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1767.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1764.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"trust": 1.0,
"url": "https://puppet.com/security/cve/cve-2013-4164"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2809"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html"
},
{
"trust": 1.0,
"url": "http://www.ubuntu.com/usn/usn-2035-1"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/57376"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/63873"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4164"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95860341/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97537282/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4164"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4164"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/apr/133"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2013-4164"
},
{
"trust": 0.3,
"url": "http://www.ruby-lang.org"
},
{
"trust": 0.3,
"url": "http://www.slackware.com/lists/archive/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.484609"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors"
},
{
"trust": 0.3,
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665279"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4164.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6393"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5170"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1315"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1320"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1321"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3919"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/cloudforms/3.0/html/management_engine_5.2_technical_notes/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0082"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0081.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0081"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0057.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0082.html"
}
],
"sources": [
{
"db": "BID",
"id": "63873"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "PACKETSTORM",
"id": "124704"
},
{
"db": "PACKETSTORM",
"id": "126269"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "63873"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "PACKETSTORM",
"id": "124704"
},
{
"db": "PACKETSTORM",
"id": "126269"
},
{
"db": "PACKETSTORM",
"id": "124189"
},
{
"db": "PACKETSTORM",
"id": "128731"
},
{
"db": "PACKETSTORM",
"id": "125651"
},
{
"db": "PACKETSTORM",
"id": "124177"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-22T00:00:00",
"db": "BID",
"id": "63873"
},
{
"date": "2013-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"date": "2014-01-08T00:11:54",
"db": "PACKETSTORM",
"id": "124704"
},
{
"date": "2014-04-23T00:00:30",
"db": "PACKETSTORM",
"id": "126269"
},
{
"date": "2013-11-26T15:55:00",
"db": "PACKETSTORM",
"id": "124189"
},
{
"date": "2014-10-17T15:07:38",
"db": "PACKETSTORM",
"id": "128731"
},
{
"date": "2014-03-11T21:31:51",
"db": "PACKETSTORM",
"id": "125651"
},
{
"date": "2013-11-26T01:48:08",
"db": "PACKETSTORM",
"id": "124177"
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"date": "2013-11-23T19:55:03.517000",
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:19:00",
"db": "BID",
"id": "63873"
},
{
"date": "2015-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"date": "2013-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-353"
},
{
"date": "2024-11-21T01:55:00.143000",
"db": "NVD",
"id": "CVE-2013-4164"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruby Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005257"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-353"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.