pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5472b7d22
vuln-list-alt/oval/p10/ALT-PU-2015-1194/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

207 lines
8.7 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20151194",
"Version": "oval:org.altlinux.errata:def:20151194",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2015-1194: package `mediawiki` update to version 1.23.8-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2015-1194",
"RefURL": "https://errata.altlinux.org/ALT-PU-2015-1194",
"Source": "ALTPU"
},
{
"RefID": "CVE-2014-9475",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9475",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9476",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9476",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9477",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9478",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9479",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9480",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9480",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9481",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9481",
"Source": "CVE"
},
{
"RefID": "CVE-2014-9487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9487",
"Source": "CVE"
}
],
"Description": "This update upgrades mediawiki to version 1.23.8-alt2. \nSecurity Fix(es):\n\n * CVE-2014-9475: Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.\n\n * CVE-2014-9476: MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by \"http://en.wikipedia.org.evilsite.example/.\"\n\n * CVE-2014-9477: Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.\n\n * CVE-2014-9478: Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.\n\n * CVE-2014-9479: Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.\n\n * CVE-2014-9480: Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.\n\n * CVE-2014-9481: The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.\n\n * CVE-2014-9487: The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2015-02-21"
},
"Updated": {
"Date": "2015-02-21"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2014-9475",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9475",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9476",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"CWE": "CWE-264",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9476",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9477",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9477",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9478",
"CVSS": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9478",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9479",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9479",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9480",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9480",
"Impact": "Low",
"Public": "20150116"
},
{
"ID": "CVE-2014-9481",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9481",
"Impact": "Low",
"Public": "20200127"
},
{
"ID": "CVE-2014-9487",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-611",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9487",
"Impact": "Critical",
"Public": "20171017"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20151194001",
"Comment": "mediawiki is earlier than 0:1.23.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151194002",
"Comment": "mediawiki-apache2 is earlier than 0:1.23.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151194003",
"Comment": "mediawiki-common is earlier than 0:1.23.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151194004",
"Comment": "mediawiki-mysql is earlier than 0:1.23.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20151194005",
"Comment": "mediawiki-postgresql is earlier than 0:1.23.8-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink