Vulnerability CVE-2016-2098 - CERT Civis.Net

Vulnerability Name:

CVE-2016-2098 (CCN-111173)

Assigned:

2016-02-29

Published:

2016-02-29

Updated:

2019-08-08

Summary:

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

CVSS v3 Severity:

7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-2098

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0790

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0835

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0854

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0867

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0967

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:1146

Source: CCN
Type: RHSA-2016-0454
Important: ror40 security update

Source: CCN
Type: RHSA-2016-0455
Important: ruby193 security update

Source: CCN
Type: RHSA-2016-0456
Important: rh-ror41 security update

Source: CCN
Type: SECTRACK ID: 1035122
Rails Bugs Let Remote Users View Files and Execute Arbitrary Code

Source: CCN
Type: Ruby on Rails Web Site
Rails 4.2.5.2, 4.1.14.2 and 3.2.22.2 have been released!

Source: CONFIRM
Type: Patch, Vendor Advisory
http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

Source: DEBIAN
Type: UNKNOWN
DSA-3509

Source: CCN
Type: IBM Security Bulletin 1979720 (BigFix family)
Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-2097, CVE-2016-2098)

Source: CCN
Type: IBM Security Bulletin 1984666 (License Metric Tool)
Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)

Source: BID
Type: UNKNOWN
83725

Source: SECTRACK
Type: UNKNOWN
1035122

Source: XF
Type: UNKNOWN
rails-cve20162098-code-exec(111173)

Source: MLIST
Type: UNKNOWN
[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack

Source: CCN
Type: Packet Storm Security [07-09-2016]
Ruby On Rails ActionPack Inline ERB Code Execution

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-11-2016]

Source: EXPLOIT-DB
Type: UNKNOWN
40086

Vulnerable Configuration:

Configuration 1:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*

OR cpe:/a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*

OR cpe:/a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:* (Version <= 3.2.22.1)

OR cpe:/a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20162098	V	CVE-2016-2098	2022-06-30
oval:org.opensuse.security:def:7	P	apr-util-devel-1.6.1-16.43 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:8	P	audit-devel-2.8.5-3.43 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:20	P	bubblewrap-0.4.1-1.16 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:21	P	bzip2-1.0.6-5.9.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:113353	P	ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:113352	P	ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:55993	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:106760	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:106759	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:55275	P	Security update for xen (Moderate)	2021-11-29
oval:org.opensuse.security:def:57108	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:55958	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:67544	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:67543	P	Security update for openssl-1_0_0 (Important)	2021-08-24
oval:org.opensuse.security:def:13863	P	libHX28-3.18-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13992	P	openvpn-2.3.8-16.6.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14085	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14745	P	python-doc-2.7.13-28.11.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13816	P	evince-3.20.1-5.66 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13899	P	libfreetype6-2.6.3-7.8.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14723	P	pam_ssh-2.0-1.39 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14072	P	yast2-users-3.1.57-16.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13880	P	libXtst6-1.2.2-3.59 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14017	P	python-libxml2-2.9.4-27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14061	P	xen-4.7.0_12-23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:57976	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:38206	P	Security update for libsndfile (Critical)	2021-07-27
oval:org.opensuse.security:def:38116	P	Security update for curl (Moderate)	2021-06-30
oval:org.opensuse.security:def:38425	P	Security update for SUSE Manager Client Tools (Important)	2021-06-21
oval:org.opensuse.security:def:57952	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:70896	P	elfutils-0.168-2.164 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13748	P	wpa_supplicant-2.2-8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:13718	P	rsyslog-8.4.0-8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70897	P	emacs-25.3-1.124 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70784	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:13726	P	squid-3.3.13-4.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70783	P	Security update for libwebp (Critical)	2021-06-04
oval:org.opensuse.security:def:57902	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:55170	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:38366	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:55310	P	Security update for sudo (Important)	2021-03-24
oval:org.opensuse.security:def:39265	P	Security update for openldap2 (Important)	2021-03-04
oval:org.opensuse.security:def:57559	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:57002	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:55827	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:55135	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:57833	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:96506	P	ruby2.5-rubygem-actionview-5_1-5.1.4-1.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89541	P	ruby2.5-rubygem-actionview-5_1-5.1.4-1.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103195	P	ruby2.5-rubygem-actionpack-5_1-5.1.4-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103196	P	ruby2.5-rubygem-actionview-5_1-5.1.4-1.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:96505	P	ruby2.5-rubygem-actionpack-5_1-5.1.4-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:89540	P	ruby2.5-rubygem-actionpack-5_1-5.1.4-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:56428	P	Security update for librsvg (Low)	2020-12-01
oval:org.opensuse.security:def:56478	P	Security update for wget (Important)	2020-12-01
oval:org.opensuse.security:def:28381	P	Security update for rubygem-actionpack-3_2 (Important)	2020-12-01
oval:org.opensuse.security:def:27136	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64109	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:56451	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:56671	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:55148	P	icu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27358	P	LibVNCServer-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56555	P	Security update for libevent (Moderate)	2020-12-01
oval:org.opensuse.security:def:37725	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38513	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64197	P	ruby2.5-rubygem-actionview-5_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55548	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:27611	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:67444	P	Security update for SUSE Manager Server 4.1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28346	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:37737	P	autofs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26933	P	krb5-plugin-kdb-ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55792	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:27664	P	Security update for rubygem-actionpack-2_3	2020-12-01
oval:org.opensuse.security:def:38059	P	rzsz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57759	P	libIlmImf-Imf_2_1-21 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56351	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:64110	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27008	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56429	P	Security update for libsoup (Important)	2020-12-01
oval:org.opensuse.security:def:56590	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:55112	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27274	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56517	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:26932	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56829	P	Security update for openssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:38474	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27562	P	rubygem-rack-ssl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57274	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:38585	P	ecryptfs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37726	P	apache-commons-beanutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55686	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27650	P	Security update for Mozilla NSS	2020-12-01
oval:org.opensuse.security:def:37958	P	libsmi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56386	P	Security update for libcdio (Moderate)	2020-12-01
oval:org.opensuse.security:def:56243	P	Security update for libXpm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26944	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57871	P	libxcb-dri2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55147	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56552	P	Security update for libofx (Important)	2020-12-01
oval:org.opensuse.security:def:27217	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56443	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:56591	P	Security update for openslp (Important)	2020-12-01
oval:org.opensuse.security:def:39223	P	openconnect on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27509	P	libyaml-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56636	P	Security update for postgresql96 (Important)	2020-12-01
oval:org.opensuse.security:def:55113	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38541	P	apache-commons-beanutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55721	P	Security update for openssh (Critical)	2020-12-01
oval:org.opensuse.security:def:64196	P	ruby2.5-rubygem-actionpack-5_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55513	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:57667	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67443	P	Security update for SUSE Manager Proxy 4.1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:37821	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56278	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27708	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:80611	P	Security update for the Ruby on Rails stack (Moderate)	2017-10-12
oval:org.cisecurity:def:551	P	DSA-3509-1 -- rails -- security update	2016-07-01
oval:com.ubuntu.artful:def:20162098000	V	CVE-2016-2098 on Ubuntu 17.10 (artful) - medium.	2016-04-07
oval:com.ubuntu.disco:def:201620980000000	V	CVE-2016-2098 on Ubuntu 19.04 (disco) - medium.	2016-04-07
oval:com.ubuntu.trusty:def:20162098000	V	CVE-2016-2098 on Ubuntu 14.04 LTS (trusty) - medium.	2016-04-07
oval:com.ubuntu.cosmic:def:201620980000000	V	CVE-2016-2098 on Ubuntu 18.10 (cosmic) - medium.	2016-04-07
oval:com.ubuntu.bionic:def:20162098000	V	CVE-2016-2098 on Ubuntu 18.04 LTS (bionic) - medium.	2016-04-07
oval:com.ubuntu.xenial:def:20162098000	V	CVE-2016-2098 on Ubuntu 16.04 LTS (xenial) - medium.	2016-04-07
oval:com.ubuntu.bionic:def:201620980000000	V	CVE-2016-2098 on Ubuntu 18.04 LTS (bionic) - medium.	2016-04-07
oval:com.ubuntu.cosmic:def:20162098000	V	CVE-2016-2098 on Ubuntu 18.10 (cosmic) - medium.	2016-04-07
oval:com.ubuntu.xenial:def:201620980000000	V	CVE-2016-2098 on Ubuntu 16.04 LTS (xenial) - medium.	2016-04-07
oval:com.ubuntu.precise:def:20162098000	V	CVE-2016-2098 on Ubuntu 12.04 LTS (precise) - medium.	2016-04-07