Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-3146 (GCVE-0-2014-3146)
Vulnerability from cvelistv5 – Published: 2014-05-14 19:00 – Updated: 2025-12-17 21:03
VLAI?
EPSS
Summary
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "USN-2217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "58744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "67159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "MDVSA-2015:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "58013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "59008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59008"
},
{
"name": "openSUSE-SU-2014:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-3146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T20:54:15.303305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:03:02.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2941",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "USN-2217-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "58744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "67159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "MDVSA-2015:112",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "58013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "59008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59008"
},
{
"name": "openSUSE-SU-2014:0735",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3146",
"datePublished": "2014-05-14T19:00:00.000Z",
"dateReserved": "2014-05-02T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:03:02.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.debian.org/security/2014/dsa-2941\", \"name\": \"DSA-2941\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://lxml.de/3.3/changes-3.3.5.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/05/09/7\", \"name\": \"[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2217-1\", \"name\": \"USN-2217-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\", \"name\": \"[lxml] 20140415 lxml.html.clean vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/58744\", \"name\": \"58744\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2014-0218.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/67159\", \"name\": \"67159\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\", \"name\": \"MDVSA-2015:112\", \"tags\": [\"vendor-advisory\", \"x_refsource_MANDRIVA\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/58013\", \"name\": \"58013\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/210\", \"name\": \"20140415 lxml (python lib) vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/59008\", \"name\": \"59008\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\", \"name\": \"openSUSE-SU-2014:0735\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/319\", \"name\": \"20140430 Re: lxml (python lib) vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T10:35:56.613Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2014-3146\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T20:54:15.303305Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-17T20:47:07.086Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2014-04-15T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.debian.org/security/2014/dsa-2941\", \"name\": \"DSA-2941\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://lxml.de/3.3/changes-3.3.5.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/05/09/7\", \"name\": \"[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-2217-1\", \"name\": \"USN-2217-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html\", \"name\": \"[lxml] 20140415 lxml.html.clean vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://secunia.com/advisories/58744\", \"name\": \"58744\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2014-0218.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/67159\", \"name\": \"67159\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:112\", \"name\": \"MDVSA-2015:112\", \"tags\": [\"vendor-advisory\", \"x_refsource_MANDRIVA\"]}, {\"url\": \"http://secunia.com/advisories/58013\", \"name\": \"58013\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/210\", \"name\": \"20140415 lxml (python lib) vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}, {\"url\": \"http://secunia.com/advisories/59008\", \"name\": \"59008\", \"tags\": [\"third-party-advisory\", \"x_refsource_SECUNIA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html\", \"name\": \"openSUSE-SU-2014:0735\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/319\", \"name\": \"20140430 Re: lxml (python lib) vulnerability\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2017-12-28T19:57:01.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2014-3146\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-17T21:03:02.761Z\", \"dateReserved\": \"2014-05-02T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2014-05-14T19:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2024-AVI-0385
Vulnerability from certfr_avis - Published: 2024-05-10 - Updated: 2024-05-10
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.23 | ||
| IBM | N/A | AIX et VIOS sans le dernier correctif de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions antérieures à 6.1.0.24 | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.4.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.7 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF02 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX et VIOS sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions ant\u00e9rieures \u00e0 6.1.0.24",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-6681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2024-27273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27273"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2021-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2023-44794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44794"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
}
],
"initial_release_date": "2024-05-10T00:00:00",
"last_revision_date": "2024-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0385",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150297 du 06 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150297"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150684 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150684"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150803 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150803"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150277 du 05 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150277"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150196 du 03 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150798 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150798"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150804 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150799 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150799"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150276 du 05 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150276"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150802 du 09 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150802"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7150362 du 07 mai 2024",
"url": "https://www.ibm.com/support/pages/node/7150362"
}
]
}
CERTFR-2024-AVI-0506
Vulnerability from certfr_avis - Published: 2024-06-19 - Updated: 2024-06-19
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Secure Analytics versions antérieures à 7.5.0 UP8 IF03 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
},
{
"name": "CVE-2023-4732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2023-3138",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
},
{
"name": "CVE-2023-46813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-40551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40551"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-51043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2023-5633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2022-38457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-6536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2020-10001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
},
{
"name": "CVE-2024-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2007-4559",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
},
{
"name": "CVE-2023-33951",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
},
{
"name": "CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2022-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2023-45862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2020-3898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2024-28784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28784"
},
{
"name": "CVE-2022-45869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
},
{
"name": "CVE-2023-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2023-50961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2023-6817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-41858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-34968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2001-1267",
"url": "https://www.cve.org/CVERecord?id=CVE-2001-1267"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2019-19204",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2018-19787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2023-1252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2020-28241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28241"
},
{
"name": "CVE-2023-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
},
{
"name": "CVE-2023-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
},
{
"name": "CVE-2023-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
},
{
"name": "CVE-2022-36402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
},
{
"name": "CVE-2023-33952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
},
{
"name": "CVE-2023-32324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
},
{
"name": "CVE-2014-3146",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-3758",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3758"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-34967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-40546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40546"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2023-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2023-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
},
{
"name": "CVE-2023-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2023-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
},
{
"name": "CVE-2024-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0553"
},
{
"name": "CVE-2023-1075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2023-6535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
},
{
"name": "CVE-2023-25012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25012"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2019-19203",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2022-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-34241",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2023-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-42465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42465"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2023-6606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
},
{
"name": "CVE-2023-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2023-40549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40549"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2011-4969",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4969"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2023-40548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40548"
},
{
"name": "CVE-2023-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-34966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-7192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
},
{
"name": "CVE-2023-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2023-40550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40550"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-51042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2017-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7501"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2023-50960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2012-6708",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
},
{
"name": "CVE-2022-2127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
},
{
"name": "CVE-2020-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2020-27783",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2021-43818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
},
{
"name": "CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
},
{
"name": "CVE-2023-6610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
}
],
"initial_release_date": "2024-06-19T00:00:00",
"last_revision_date": "2024-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82681",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03"
}
]
}
PYSEC-2014-9
Vulnerability from pysec - Published: 2014-05-14 19:55 - Updated: 2021-07-05 00:01
VLAI?
Details
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Impacted products
| Name | purl | lxml | pkg:pypi/lxml |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lxml",
"purl": "pkg:pypi/lxml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.9",
"0.9.1",
"0.9.2",
"1.0",
"1.0.1",
"1.0.2",
"1.0.3",
"1.0.4",
"1.0.beta",
"1.1",
"1.1.1",
"1.1.2",
"1.1alpha",
"1.1beta",
"1.2",
"1.2.1",
"1.3",
"1.3.1",
"1.3.2",
"1.3.3",
"1.3.4",
"1.3.5",
"1.3.6",
"1.3beta",
"2.0",
"2.0.1",
"2.0.10",
"2.0.11",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6",
"2.0.7",
"2.0.8",
"2.0.9",
"2.0alpha1",
"2.0alpha2",
"2.0alpha3",
"2.0alpha4",
"2.0alpha5",
"2.0alpha6",
"2.0beta1",
"2.0beta2",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.1.4",
"2.1.5",
"2.1alpha1",
"2.1beta1",
"2.1beta2",
"2.1beta3",
"2.2",
"2.2.1",
"2.2.2",
"2.2.3",
"2.2.4",
"2.2.5",
"2.2.6",
"2.2.7",
"2.2.8",
"2.2alpha1",
"2.2beta1",
"2.2beta2",
"2.2beta3",
"2.2beta4",
"2.3",
"2.3.1",
"2.3.2",
"2.3.3",
"2.3.4",
"2.3.5",
"2.3.6",
"2.3alpha1",
"2.3alpha2",
"2.3beta1",
"3.0",
"3.0.1",
"3.0.2",
"3.1.0",
"3.1.1",
"3.1.2",
"3.1beta1",
"3.2.0",
"3.2.1",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.3.0",
"3.3.0beta1",
"3.3.0beta2",
"3.3.0beta3",
"3.3.0beta4",
"3.3.0beta5",
"3.3.1",
"3.3.2",
"3.3.3",
"3.3.4"
]
}
],
"aliases": [
"CVE-2014-3146"
],
"details": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.",
"id": "PYSEC-2014-9",
"modified": "2021-07-05T00:01:22.415943Z",
"published": "2014-05-14T19:55:00Z",
"references": [
{
"type": "WEB",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/67159"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"type": "ADVISORY",
"url": "http://secunia.com/advisories/58013"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"type": "WEB",
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"type": "ADVISORY",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"type": "ADVISORY",
"url": "http://secunia.com/advisories/58744"
},
{
"type": "ADVISORY",
"url": "http://secunia.com/advisories/59008"
},
{
"type": "ADVISORY",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"type": "ADVISORY",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2014/dsa-2941"
}
]
}
GSD-2014-3146
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-3146",
"description": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.",
"id": "GSD-2014-3146",
"references": [
"https://www.suse.com/security/cve/CVE-2014-3146.html",
"https://www.debian.org/security/2014/dsa-2941",
"https://ubuntu.com/security/CVE-2014-3146",
"https://advisories.mageia.org/CVE-2014-3146.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-3146"
],
"details": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.",
"id": "GSD-2014-3146",
"modified": "2023-12-13T01:22:53.246785Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2014-0218.html",
"refsource": "MISC",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "http://lxml.de/3.3/changes-3.3.5.html",
"refsource": "MISC",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/210",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/319",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"name": "http://secunia.com/advisories/58013",
"refsource": "MISC",
"url": "http://secunia.com/advisories/58013"
},
{
"name": "http://secunia.com/advisories/58744",
"refsource": "MISC",
"url": "http://secunia.com/advisories/58744"
},
{
"name": "http://secunia.com/advisories/59008",
"refsource": "MISC",
"url": "http://secunia.com/advisories/59008"
},
{
"name": "http://www.debian.org/security/2014/dsa-2941",
"refsource": "MISC",
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/05/09/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "http://www.securityfocus.com/bid/67159",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "http://www.ubuntu.com/usn/USN-2217-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html",
"refsource": "MISC",
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c3.3.5",
"affected_versions": "All versions before 3.3.5",
"credit": "@m_ksimka",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2017-12-28",
"description": "HTML cleaning can fail to strip Javascript links that mix control characters into the link scheme.",
"fixed_versions": [
"3.3.5"
],
"identifier": "CVE-2014-3146",
"identifiers": [
"CVE-2014-3146"
],
"not_impacted": "All versions starting from 3.3.5",
"package_slug": "pypi/lxml",
"pubdate": "2014-05-14",
"solution": "Upgrade to version 3.3.5 or above.",
"title": "Fail to strip Javascript links with non printable chars",
"urls": [
"http://seclists.org/fulldisclosure/2014/Apr/210",
"https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc"
],
"uuid": "4488954a-5874-444f-8074-d091b5ad36e3"
},
{
"affected_range": "\u003c=3.3.4",
"affected_versions": "All versions up to 3.3.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2017-12-28",
"description": "Incomplete denylist in the `lxml.html.clean module` in lxml allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the `clean_html` function.",
"fixed_versions": [
"3.3.5"
],
"identifier": "CVE-2014-3146",
"identifiers": [
"CVE-2014-3146"
],
"not_impacted": "All versions after 3.3.4",
"package_slug": "pypi/python-lxml",
"pubdate": "2014-05-14",
"solution": "Upgrade to version 3.3.5 or above.",
"title": "Code Injection",
"urls": [
"https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007129.html",
"https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3146"
],
"uuid": "56108586-2fe1-4f9d-aaec-a0f845fb9ccd"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.1:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.3.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:3.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.2:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3146"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lxml.de/3.3/changes-3.3.5.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"name": "20140415 lxml (python lib) vulnerability",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"name": "67159",
"refsource": "BID",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"name": "[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"name": "58013",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/58013"
},
{
"name": "20140430 Re: lxml (python lib) vulnerability",
"refsource": "FULLDISC",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"name": "[lxml] 20140415 lxml.html.clean vulnerability",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"name": "USN-2217-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"name": "openSUSE-SU-2014:0735",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"name": "58744",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/58744"
},
{
"name": "59008",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59008"
},
{
"name": "MDVSA-2015:112",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0218.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"name": "DSA-2941",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2014/dsa-2941"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-12-29T02:29Z",
"publishedDate": "2014-05-14T19:55Z"
}
}
}
GHSA-57QW-CC2G-PV5P
Vulnerability from github – Published: 2022-05-14 04:01 – Updated: 2024-09-30 17:03
VLAI?
Summary
lxml Cross-site Scripting Via Control Characters
Details
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Severity ?
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lxml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-3146"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-04T20:12:48Z",
"nvd_published_at": "2014-05-14T19:55:00Z",
"severity": "MODERATE"
},
"details": "Incomplete blacklist vulnerability in the `lxml.html.clean` module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the `clean_html` function.",
"id": "GHSA-57qw-cc2g-pv5p",
"modified": "2024-09-30T17:03:32Z",
"published": "2022-05-14T04:01:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3146"
},
{
"type": "WEB",
"url": "https://github.com/lxml/lxml/pull/273"
},
{
"type": "WEB",
"url": "https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec"
},
{
"type": "WEB",
"url": "https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69"
},
{
"type": "WEB",
"url": "https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc"
},
{
"type": "PACKAGE",
"url": "https://github.com/lxml/lxml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml"
},
{
"type": "WEB",
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159"
},
{
"type": "WEB",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"type": "WEB",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "lxml Cross-site Scripting Via Control Characters"
}
FKIE_CVE-2014-3146
Vulnerability from fkie_nvd - Published: 2014-05-14 19:55 - Updated: 2025-12-17 21:15
Severity ?
Summary
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://advisories.mageia.org/MGASA-2014-0218.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html | ||
| secalert@redhat.com | http://lxml.de/3.3/changes-3.3.5.html | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2014/Apr/210 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2014/Apr/319 | Exploit | |
| secalert@redhat.com | http://secunia.com/advisories/58013 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/58744 | ||
| secalert@redhat.com | http://secunia.com/advisories/59008 | ||
| secalert@redhat.com | http://www.debian.org/security/2014/dsa-2941 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/05/09/7 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/67159 | Exploit | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2217-1 | ||
| secalert@redhat.com | https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0218.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lxml.de/3.3/changes-3.3.5.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Apr/210 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Apr/319 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58744 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59008 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/05/09/7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67159 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2217-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lxml | lxml | * | |
| lxml | lxml | 0.5 | |
| lxml | lxml | 0.5.1 | |
| lxml | lxml | 0.6 | |
| lxml | lxml | 0.7 | |
| lxml | lxml | 0.8 | |
| lxml | lxml | 0.9 | |
| lxml | lxml | 0.9.1 | |
| lxml | lxml | 0.9.2 | |
| lxml | lxml | 1.0 | |
| lxml | lxml | 1.0.1 | |
| lxml | lxml | 1.0.2 | |
| lxml | lxml | 1.0.3 | |
| lxml | lxml | 1.0.4 | |
| lxml | lxml | 1.1 | |
| lxml | lxml | 1.1.1 | |
| lxml | lxml | 1.1.2 | |
| lxml | lxml | 1.2 | |
| lxml | lxml | 1.2.1 | |
| lxml | lxml | 1.3 | |
| lxml | lxml | 1.3.1 | |
| lxml | lxml | 1.3.2 | |
| lxml | lxml | 1.3.3 | |
| lxml | lxml | 1.3.4 | |
| lxml | lxml | 1.3.5 | |
| lxml | lxml | 1.3.6 | |
| lxml | lxml | 2.0 | |
| lxml | lxml | 2.0.1 | |
| lxml | lxml | 2.0.2 | |
| lxml | lxml | 2.0.3 | |
| lxml | lxml | 2.0.4 | |
| lxml | lxml | 2.0.5 | |
| lxml | lxml | 2.0.6 | |
| lxml | lxml | 2.0.7 | |
| lxml | lxml | 2.0.8 | |
| lxml | lxml | 2.0.9 | |
| lxml | lxml | 2.0.10 | |
| lxml | lxml | 2.0.11 | |
| lxml | lxml | 2.1 | |
| lxml | lxml | 2.1 | |
| lxml | lxml | 2.1 | |
| lxml | lxml | 2.1 | |
| lxml | lxml | 2.1.1 | |
| lxml | lxml | 2.1.2 | |
| lxml | lxml | 2.1.3 | |
| lxml | lxml | 2.1.4 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2 | |
| lxml | lxml | 2.2.1 | |
| lxml | lxml | 2.2.2 | |
| lxml | lxml | 2.2.3 | |
| lxml | lxml | 2.2.4 | |
| lxml | lxml | 2.2.5 | |
| lxml | lxml | 2.2.6 | |
| lxml | lxml | 2.2.7 | |
| lxml | lxml | 2.2.8 | |
| lxml | lxml | 2.3 | |
| lxml | lxml | 2.3 | |
| lxml | lxml | 2.3 | |
| lxml | lxml | 2.3 | |
| lxml | lxml | 2.3.1 | |
| lxml | lxml | 2.3.2 | |
| lxml | lxml | 2.3.3 | |
| lxml | lxml | 2.3.4 | |
| lxml | lxml | 2.3.5 | |
| lxml | lxml | 2.3.6 | |
| lxml | lxml | 3.0 | |
| lxml | lxml | 3.0 | |
| lxml | lxml | 3.0 | |
| lxml | lxml | 3.0 | |
| lxml | lxml | 3.0.1 | |
| lxml | lxml | 3.0.2 | |
| lxml | lxml | 3.1 | |
| lxml | lxml | 3.1.0 | |
| lxml | lxml | 3.1.1 | |
| lxml | lxml | 3.1.2 | |
| lxml | lxml | 3.2.0 | |
| lxml | lxml | 3.2.1 | |
| lxml | lxml | 3.2.2 | |
| lxml | lxml | 3.2.3 | |
| lxml | lxml | 3.2.4 | |
| lxml | lxml | 3.2.5 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.0 | |
| lxml | lxml | 3.3.1 | |
| lxml | lxml | 3.3.2 | |
| lxml | lxml | 3.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAC1D54-E4B7-4212-A281-9AE313C7A9DC",
"versionEndIncluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "299444A8-4017-4358-9B35-0A9C475E5FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C48BCC21-D20B-4390-870D-C88C9863D46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "779553CC-B269-479D-8885-1251541AC8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F73BEB9C-4F4F-4F63-81FF-0B65D6068DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "39876055-AAFD-4584-872E-044C111417B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "25FD79CE-8C7C-4994-80D6-CA1E98C062EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C641DEEC-643D-48AA-A2BC-3066CD02D072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C1834-7ADB-4444-B892-083CCA6FD0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08F26EDB-5E1C-453A-8332-6DF4FD0627F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24F0DD2C-2836-4477-849A-F154C0BF37D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD4F21D-D09A-488A-A457-2BB5589B6B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DFE602-6616-4369-9CA7-5C35FA80A4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0F6513-1D7F-48D8-820C-F78A7935BE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F36E5C1-7DF3-4692-8FEE-F1007E57399B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4551FDBD-8975-4399-BD00-02EC03AD0CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F067084A-72E9-4D45-8EB9-534F718FD11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54021062-86DC-4B28-AD87-963F0C415798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B01E478-3B3A-4B05-AEDC-6A404DB7803A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20751814-185B-489F-AD35-239EA168D293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0286DD-FDA3-4B31-B579-6FD68BF88B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B56F992-FEE5-4EB0-BB5D-B55BC2A5CDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFEEE806-93A1-4683-9524-66B969E96D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21DC60E8-18F6-414F-81A0-37EAEF9D73A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B693FE5-0F4F-441C-8D6D-B2B0C00F4784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3319AB13-F589-44CA-8936-3A4D23C3C8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC3B496-51EE-41E0-B785-E9E4FA530116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "041CED1D-1D91-4BAC-8182-BE5870ADFEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93A757-1B1A-4E69-89FD-B738F80C560D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E58E8C6-6979-4256-947C-887D7E3F611A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06AC5F6D-F72C-4D30-997D-0202D9CACA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C2AFA1D4-265D-4B72-B6A0-9F31F4612C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0A216360-8892-4118-96DE-77EB7D17CA51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3513EB-8A8F-43AE-B079-AA5E27569CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD3E4E-A3C0-4686-BD91-9B58CBC74DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDCFAEE-9C4B-4610-81A5-A5AD4420D579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "88206B3E-503D-4C9C-85A2-8E1FB720E962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9D682D-CF6B-43FB-A29D-50BC54FB3E99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "925AF6FD-EB7C-48EA-8747-5066103C58A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "940C521B-EF4D-4A90-B1E1-E52C9793D645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F3AB9E27-9017-4207-A66E-199CFD9EE4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8900D734-E782-4759-A4DD-D577A462042C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C66C8E1-EE4E-4462-8844-15995FD1FB93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9747A1D-D644-442B-B2AE-C8D962B187E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "777CB9D2-EACF-4F1A-B533-BFED0B27D214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58001941-9E40-45D7-9892-C79B7A8F3720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "4C7FE4FA-6C7C-4A3C-B2EE-C6B70C8A3F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "F7E1DFA9-CC7B-4E9F-A2E4-0FE8DF536101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B40A7ED8-0D71-430E-BCF1-640D816C0230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8790354C-5A4B-4CD3-ACB1-FE5AA0900281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E1B6857F-0990-4083-9876-5DDF5FA473B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2:beta4:*:*:*:*:*:*",
"matchCriteriaId": "049C39E8-4804-4048-9999-A1EAFD5B910B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C51525BB-5967-4C7F-9188-5E3895B3A2CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DC336F-02E7-4E1C-A8EA-21DEE84A52F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4FB16F-6BFA-4D2A-8D48-1A01154C3F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00400181-FA11-49CE-B932-4F21A8278D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6392F721-9F0D-4BBC-B392-A9C6F14F7F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95F6166A-3856-451D-AFAA-56C5D09752D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0D09BB-8796-40F1-8599-107B9C775C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7550F3D6-4FCC-4AD5-A92D-D984A6824AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "30EAB48D-A728-46FB-92B3-0B97CF85E72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "127C133B-5022-46FB-9D6F-05FB2E83CA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "D3E49A50-3861-4265-BB2B-ABEA50C6DE7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D72B1891-2E24-4DA7-B243-80306866F934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB6BCDC-7207-4895-8746-E40DDD1D5585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0D4EB6-5ED8-4018-A1FE-9BEB6D511830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "627C0FA1-7425-4E6B-92C5-652D4F62ECAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70059F02-B63D-4583-8AD4-769BA648317F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4FCBFB-632A-451E-8A17-C4A8F8A65AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8763BB95-EBF9-40A1-908C-4207D87FE578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC015741-8F99-4F3D-B3F6-07BF23A70DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "D1A35DEE-2561-4B4A-BFE0-C443C70175BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "6FBFD00B-5821-400E-A83C-FB0D1C26A4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9AB7BA95-5BEC-4AC6-8F93-5D918D1B31D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAEFE73-F873-4F48-A274-F6CCB40766DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ED8D046-5701-4AD4-BFA6-D186AA596B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "685D86D0-4A37-4B9B-BD70-C1127EA51907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72ABBA-9319-4BFE-8F3B-F6F36F64EB12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2684097-3082-4612-8E1B-5CA6D2E20E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7981486F-129D-433B-A489-0AB90A2062E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45C3BB16-3D44-43E8-AEF5-3454495F0CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD521388-6E28-427E-9086-79BCEDB1025F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFA21DA-4807-496D-B63A-F95E6E9F39FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87B742D1-4838-4D48-A17A-386E0CF517B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B1191E15-DC8D-4D2B-8563-10DFFF60CD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA34CA6-7309-490C-8DB7-7F051F9C3CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E58C7CFD-0135-4D59-8D9D-A12A7BACF387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5FE30C26-028B-41A1-842C-1AF19E551F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "188EA215-8ACA-482F-9283-6780E29B5F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "738B75AC-0AFC-4108-88A1-80EC6D03FBD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "99226ADA-A62E-4366-BDD1-1D33BDCA813F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2F1E30E8-484C-4925-9B6F-DD266AC602B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02E0191B-661F-4C60-AC7F-68B95E730013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7922BC86-D318-404B-A39B-8AC9B1AF70BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lxml:lxml:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26BFDC2C-CAFE-4301-903F-31713885EB94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en el m\u00f3dulo lxml.html.clean en lxml anterior a 3.3.5 permite a atacantes remotos realizar ataques de XSS a trav\u00e9s de caracteres de control en la esquema de enlace hacia la funci\u00f3n clean_html."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/184.html\n\n\"CWE-184: Incomplete Blacklist\"",
"id": "CVE-2014-3146",
"lastModified": "2025-12-17T21:15:51.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2014-05-14T19:55:11.653",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/58013"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/58744"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59008"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0218.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lxml.de/3.3/changes-3.3.5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Apr/210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/58013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…