libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References | | |
24 Mar 2023, 18:27
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp e-series Santricity Web Services Proxy; Fedoraproject; Oracle jdk; Netapp e-series Santricity Management Plug-ins; Netapp cloud Backup; Netapp plug-in For Symantec Netbackup; Netapp snapmanager; Fedoraproject fedora; Netapp oncommand Insight; Netapp steelstore Cloud Integrated Storage; Netapp active Iq Unified Manager; Netapp oncommand Workflow Automation; Netapp santricity Unified Manager; Netapp e-series Santricity Os Controller; Netapp; Netapp solidfire; Opensuse leap; Oracle; Netapp hci Management Node; Netapp e-series Santricity Storage Manager; Netapp e-series Santricity Unified Manager; Opensuse; Netapp element Software | |
CPE | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:* cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:* cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191017-0001/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html - Third Party Advisory |
Information
Published : 2019-04-10 20:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-11068
Mitre link : CVE-2019-11068
CVE.ORG link : CVE-2019-11068
Products Affected
netapp
- e-series_santricity_unified_manager
- e-series_santricity_storage_manager
- element_software
- hci_management_node
- active_iq_unified_manager
- cloud_backup
- santricity_unified_manager
- steelstore_cloud_integrated_storage
- oncommand_workflow_automation
- plug-in_for_symantec_netbackup
- oncommand_insight
- e-series_santricity_management_plug-ins
- e-series_santricity_web_services_proxy
- e-series_santricity_os_controller
- snapmanager
- solidfire
debian
- debian_linux
xmlsoft
- libxslt
fedoraproject
- fedora
opensuse
- leap
canonical
- ubuntu_linux
oracle
- jdk