DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-36222", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-36222", "description": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", "published": "2021-07-22T18:15:00", "modified": "2021-11-28T23:19:00", "epss": [{"cve": "CVE-2021-36222", "epss": 0.00269, "percentile": 0.62922, "modified": "2023-05-23"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36222", "reporter": "cve@mitre.org", "references": ["https://github.com/krb5/krb5/releases", "https://web.mit.edu/kerberos/advisories/", "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562", "https://www.debian.org/security/2021/dsa-4944", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://security.netapp.com/advisory/ntap-20211022-0003/", "https://security.netapp.com/advisory/ntap-20211104-0007/"], "cvelist": ["CVE-2021-36222"], "immutableFields": [], "lastseen": "2023-05-23T15:34:17", "viewCount": 247, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3576"]}, {"type": "altlinux", "idList": ["4E38E80E246214630AB0170F8822E34B", "B9925885902E8FADC6A2692C22AF3B24"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A9FC68450FD5C662826D59FF602CBEE5"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4944-1:B2B8F", "DEBIAN:DSA-4944-1:C849C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-36222"]}, {"type": "fedora", "idList": ["FEDORA:B5FA731A66B6", "FEDORA:C24673131F53"]}, {"type": "freebsd", "idList": ["C9387E4D-2F5F-11EC-8BE6-D4C9EF517024"]}, {"type": "ibm", "idList": ["97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2021-3576.NASL", "CENTOS8_RHSA-2021-3576.NASL", "DEBIAN_DSA-4944.NASL", "EULEROS_SA-2021-2466.NASL", "EULEROS_SA-2021-2689.NASL", "EULEROS_SA-2021-2714.NASL", "EULEROS_SA-2021-2743.NASL", "EULEROS_SA-2021-2777.NASL", "EULEROS_SA-2022-1071.NASL", "MYSQL_8_0_27.NASL", "OPENSUSE-2021-1182.NASL", "OPENSUSE-2021-2800.NASL", "OPENSUSE-2022-0283-1.NASL", "ORACLELINUX_ELSA-2021-3576.NASL", "PHOTONOS_PHSA-2021-3_0-0342_KRB5.NASL", "REDHAT-RHSA-2021-3576.NASL", "SUSE_SU-2021-2800-1.NASL", "SUSE_SU-2022-0283-1.NASL", "SUSE_SU-2022-1396-1.NASL", "SUSE_SU-2022-2134-1.NASL", "SUSE_SU-2022-4428-1.NASL", "SUSE_SU-2022-4437-1.NASL", "UBUNTU_USN-5959-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3576"]}, {"type": "osv", "idList": ["OSV:DSA-4944-1"]}, {"type": "photon", "idList": ["PHSA-2021-0139", "PHSA-2021-0455", "PHSA-2021-3.0-0342", "PHSA-2021-4.0-0139", "PHSA-2022-3.0-0342"]}, {"type": "redhat", "idList": ["RHSA-2021:3576", "RHSA-2021:3653", "RHSA-2021:3851", "RHSA-2021:3873", "RHSA-2021:3917", "RHSA-2021:3925", "RHSA-2021:3949", "RHSA-2021:4104", "RHSA-2021:4618", "RHSA-2021:4725", "RHSA-2021:4848", "RHSA-2021:4914", "RHSA-2022:0056", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36222"]}, {"type": "rocky", "idList": ["RLSA-2021:3576"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1182-1", "OPENSUSE-SU-2021:2800-1", "OPENSUSE-SU-2022:0283-1", "SUSE-SU-2022:1396-1"]}, {"type": "ubuntu", "idList": ["USN-5959-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-36222"]}, {"type": "veracode", "idList": ["VERACODE:31376"]}]}, "score": {"value": 5.7, "vector": "NONE"}, "twitter": {"counter": 9, "modified": "2021-08-03T07:52:26", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1422294979699937286", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-36222 (debian_linux, kerberos_5)) has been published on https://t.co/gLnnQ1aefz?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1422294985303642120", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-36222 (debian_linux, kerberos_5)) has been published on https://t.co/B6ZVZN0Rry?amp=1"}, {"link": "https://twitter.com/GrupoICA_Ciber/status/1422466014588121107", "text": "DEBIAN\nM\u00faltiples vulnerabilidades de severidad alta en productos DEBIAN: \n\nCVE-2021-35063,CVE-2021-36222\n\nM\u00e1s info en: https://t.co/Lbkt6LU9im?amp=1\n/hashtag/ciberseguridad?src=hashtag_click /hashtag/grupoica?src=hashtag_click /hashtag/debian?src=hashtag_click"}, {"link": "https://twitter.com/management_sun/status/1419472638854918147", "text": "IT Risk:Debian.krb5\u306b\u8106\u5f31\u6027\nDebian GNU/Linux / UNIX variants (UNIX, Linux, OSX) /Windows\nCVE-2021-36222 \nhttps://t.co/110HQixYS6?amp=1\nhttps://t.co/z3Zys72ewf?amp=1"}, {"link": "https://twitter.com/management_sun/status/1429588012086611971", "text": "IT Risk:Vulnerability in SUSE.krb5\nCVE-2021-36222 \nhttps://t.co/0J25yCC1mh?amp=1\nhttps://t.co/ygXudxYhkk?amp=1"}, {"link": "https://twitter.com/management_sun/status/1419472717644849152", "text": "IT Risk: Debian.krb5 Vulnerability\nDebian GNU/Linux / UNIX variants (UNIX, Linux, OSX) /Windows\nCVE-2021-36222 \nhttps://t.co/110HQixYS6?amp=1\nhttps://t.co/z3Zys72ewf?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1418803196605108225", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-36222) has been published on https://t.co/i1vHESZ9K2?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1418803196605108225", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-36222) has been published on https://t.co/i1vHESZ9K2?amp=1"}, {"link": "https://twitter.com/management_sun/status/1429587987629711361", "text": "IT Risk:SUSE.krb5\u306b\u8106\u5f31\u6027\nCVE-2021-36222 \nhttps://t.co/0J25yCC1mh?amp=1\nhttps://t.co/ygXudxYhkk?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3576"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4944-1:C849C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-36222"]}, {"type": "fedora", "idList": ["FEDORA:B5FA731A66B6", "FEDORA:C24673131F53"]}, {"type": "freebsd", "idList": ["C9387E4D-2F5F-11EC-8BE6-D4C9EF517024"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-3576.NASL", "DEBIAN_DSA-4944.NASL", "EULEROS_SA-2021-2466.NASL", "ORACLELINUX_ELSA-2021-3576.NASL", "PHOTONOS_PHSA-2021-3_0-0342_KRB5.NASL", "REDHAT-RHSA-2021-3576.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3576"]}, {"type": "photon", "idList": ["PHSA-2022-3.0-0342"]}, {"type": "redhat", "idList": ["RHSA-2021:4725"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-36222"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1182-1", "OPENSUSE-SU-2021:2800-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-36222"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-36222", "epss": 0.00269, "percentile": 0.62888, "modified": "2023-05-07"}], "vulnersScore": 5.7}, "_state": {"dependencies": 1684860795, "score": 1684856303, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "ae5de72dab03a5a03b3955bd39a36b2f"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:netapp:oncommand_insight:-", "cpe:/a:oracle:mysql_server:8.0.26", "cpe:/a:netapp:active_iq_unified_manager:-", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:netapp:snapcenter:-"], "cpe23": ["cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:oracle:mysql_server:8.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"], "cwe": ["CWE-476"], "affectedSoftware": [{"cpeName": "mit:kerberos_5", "version": "1.19.2", "operator": "lt", "name": "mit kerberos 5"}, {"cpeName": "mit:kerberos_5", "version": "1.18.4", "operator": "lt", "name": "mit kerberos 5"}, {"cpeName": "debian:debian_linux", "version": "10.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "netapp:snapcenter", "version": "-", "operator": "eq", "name": "netapp snapcenter"}, {"cpeName": "netapp:oncommand_workflow_automation", "version": "-", "operator": "eq", "name": "netapp oncommand workflow automation"}, {"cpeName": "netapp:oncommand_insight", "version": "-", "operator": "eq", "name": "netapp oncommand insight"}, {"cpeName": "netapp:active_iq_unified_manager", "version": "-", "operator": "eq", "name": "netapp active iq unified manager"}, {"cpeName": "oracle:mysql_server", "version": "8.0.26", "operator": "le", "name": "oracle mysql server"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.19.2:*:*:*:*:*:*:*", "versionStartIncluding": "1.19.0", "versionEndExcluding": "1.19.2", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.18.4:*:*:*:*:*:*:*", "versionEndExcluding": "1.18.4", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:8.0.26:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.26", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/krb5/krb5/releases", "name": "https://github.com/krb5/krb5/releases", "refsource": "MISC", "tags": ["Release Notes", "Third Party Advisory"]}, {"url": "https://web.mit.edu/kerberos/advisories/", "name": "https://web.mit.edu/kerberos/advisories/", "refsource": "MISC", "tags": ["Not Applicable"]}, {"url": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562", "name": "https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562", "refsource": "CONFIRM", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://www.debian.org/security/2021/dsa-4944", "name": "DSA-4944", "refsource": "DEBIAN", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20211022-0003/", "name": "https://security.netapp.com/advisory/ntap-20211022-0003/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20211104-0007/", "name": "https://security.netapp.com/advisory/ntap-20211104-0007/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Netapp", "product": "Oncommand_workflow_automation"}, {"vendor": "Netapp", "product": "Active_iq_unified_manager"}, {"vendor": "Mit", "product": "Kerberos_5"}, {"vendor": "Netapp", "product": "Oncommand_insight"}, {"vendor": "Netapp", "product": "Snapcenter"}, {"vendor": "Oracle", "product": "Mysql_server"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": [], "assigned": "1976-01-01T00:00:00"}

{"prion": [{"lastseen": "2023-08-16T06:18:29", "description": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-22T18:15:00", "type": "prion", "title": "CVE-2021-36222", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-11-28T23:19:00", "id": "PRION:CVE-2021-36222", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-05-23T16:36:14", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-14T01:21:27", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: krb5-1.19.1-14.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-14T01:21:27", "id": "FEDORA:B5FA731A66B6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CCCYLGJLCVVNJVOQKUGKXR2SNQIPFBFS/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-23T16:36:15", "description": "Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-21T01:15:38", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: krb5-1.18.2-30.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-21T01:15:38", "id": "FEDORA:C24673131F53", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FXO2RMANKAFCHYZB2DUHXIYIHVD26JDB/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:20:10", "description": "\nIt was discovered that the Key Distribution Center (KDC) in krb5, the\nMIT implementation of Kerberos, is prone to a NULL pointer dereference\nflaw. An unauthenticated attacker can take advantage of this flaw to\ncause a denial of service (KDC crash) by sending a request containing a\nPA-ENCRYPTED-CHALLENGE padata element without using FAST.\n\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.17-3+deb10u2.\n\n\nWe recommend that you upgrade your krb5 packages.\n\n\nFor the detailed security status of krb5 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/krb5](https://security-tracker.debian.org/tracker/krb5)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-25T00:00:00", "type": "osv", "title": "krb5 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2022-08-10T07:20:09", "id": "OSV:DSA-4944-1", "href": "https://osv.dev/vulnerability/DSA-4944-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-11-28T08:54:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 25, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : krb5\nCVE ID : CVE-2021-36222\nDebian Bug : 991365\n\nIt was discovered that the Key Distribution Center (KDC) in krb5, the\nMIT implementation of Kerberos, is prone to a NULL pointer dereference\nflaw. An unauthenticated attacker can take advantage of this flaw to\ncause a denial of service (KDC crash) by sending a request containing a\nPA-ENCRYPTED-CHALLENGE padata element without using FAST.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.17-3+deb10u2.\n\nWe recommend that you upgrade your krb5 packages.\n\nFor the detailed security status of krb5 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/krb5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-25T07:27:47", "type": "debian", "title": "[SECURITY] [DSA 4944-1] krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-25T07:27:47", "id": "DEBIAN:DSA-4944-1:B2B8F", "href": "https://lists.debian.org/debian-security-announce/2021/msg00127.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-25T14:26:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4944-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 25, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : krb5\nCVE ID : CVE-2021-36222\nDebian Bug : 991365\n\nIt was discovered that the Key Distribution Center (KDC) in krb5, the\nMIT implementation of Kerberos, is prone to a NULL pointer dereference\nflaw. An unauthenticated attacker can take advantage of this flaw to\ncause a denial of service (KDC crash) by sending a request containing a\nPA-ENCRYPTED-CHALLENGE padata element without using FAST.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.17-3+deb10u2.\n\nWe recommend that you upgrade your krb5 packages.\n\nFor the detailed security status of krb5 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/krb5\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-25T07:27:47", "type": "debian", "title": "[SECURITY] [DSA 4944-1] krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-25T07:27:47", "id": "DEBIAN:DSA-4944-1:C849C", "href": "https://lists.debian.org/debian-security-announce/2021/msg00127.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-17T13:01:03", "description": "krb5 is vulnerable to denial of service. A NULL pointer dereference in the `ec_verify` function in `kdc/kdc_preauth_ec.c` allows remote attackers to cause a NULL pointer dereference and daemon crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-26T15:41:13", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-11-29T02:10:47", "id": "VERACODE:31376", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31376/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "altlinux": [{"lastseen": "2022-06-10T03:04:24", "description": "1.19.2-alt1 built July 26, 2021 Ivan A. Melnikov in task [#280684](<https://git.altlinux.org/tasks/280684/>) \n--- \nJuly 25, 2021 Ivan A. Melnikov \n \n \n - 1.19.2 (Fixes: CVE-2021-36222)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-26T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package krb5 version 1.19.2-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-26T00:00:00", "id": "B9925885902E8FADC6A2692C22AF3B24", "href": "https://packages.altlinux.org/en/p10/srpms/krb5/2693756007669034176", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:40:14", "description": "1.17.2-alt2 built July 28, 2021 Ivan A. Melnikov in task #280683\n\nJuly 25, 2021 Ivan A. Melnikov\n \n \n - Backport fixes from 1.18.4 (Fixes: CVE-2021-36222)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-28T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt2", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-28T00:00:00", "id": "4E38E80E246214630AB0170F8822E34B", "href": "https://packages.altlinux.org/en/p9/srpms/krb5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-06-09T15:56:26", "description": "According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2021-2466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222"], "modified": "2022-07-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5-devel", "p-cpe:/a:huawei:euleros:krb5-libs", "p-cpe:/a:huawei:euleros:krb5-pkinit", "p-cpe:/a:huawei:euleros:krb5-server", "p-cpe:/a:huawei:euleros:krb5-server-ldap", "p-cpe:/a:huawei:euleros:krb5-workstation", "p-cpe:/a:huawei:euleros:libkadm5", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2466.NASL", "href": "https://www.tenable.com/plugins/nessus/153650", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153650);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2021-2466)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2466\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a06efd5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libkadm5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-devel-1.16.1-21.h6.eulerosv2r8\",\n \"krb5-libs-1.16.1-21.h6.eulerosv2r8\",\n \"krb5-pkinit-1.16.1-21.h6.eulerosv2r8\",\n \"krb5-server-1.16.1-21.h6.eulerosv2r8\",\n \"krb5-server-ldap-1.16.1-21.h6.eulerosv2r8\",\n \"krb5-workstation-1.16.1-21.h6.eulerosv2r8\",\n \"libkadm5-1.16.1-21.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-09T15:53:46", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-4944 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-25T00:00:00", "type": "nessus", "title": "Debian DSA-4944-1 : krb5 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222"], "modified": "2022-07-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:krb5-admin-server", "p-cpe:/a:debian:debian_linux:krb5-doc", "p-cpe:/a:debian:debian_linux:krb5-gss-samples", "p-cpe:/a:debian:debian_linux:krb5-k5tls", "p-cpe:/a:debian:debian_linux:krb5-kdc", "p-cpe:/a:debian:debian_linux:krb5-kdc-ldap", "p-cpe:/a:debian:debian_linux:krb5-kpropd", "p-cpe:/a:debian:debian_linux:krb5-locales", "p-cpe:/a:debian:debian_linux:krb5-multidev", "p-cpe:/a:debian:debian_linux:krb5-otp", "p-cpe:/a:debian:debian_linux:krb5-pkinit", "p-cpe:/a:debian:debian_linux:krb5-user", "p-cpe:/a:debian:debian_linux:libgssapi-krb5-2", "p-cpe:/a:debian:debian_linux:libgssrpc4", "p-cpe:/a:debian:debian_linux:libk5crypto3", "p-cpe:/a:debian:debian_linux:libkadm5clnt-mit11", "p-cpe:/a:debian:debian_linux:libkadm5srv-mit11", "p-cpe:/a:debian:debian_linux:libkdb5-9", "p-cpe:/a:debian:debian_linux:libkrad-dev", "p-cpe:/a:debian:debian_linux:libkrad0", "p-cpe:/a:debian:debian_linux:libkrb5-3", "p-cpe:/a:debian:debian_linux:libkrb5-dbg", "p-cpe:/a:debian:debian_linux:libkrb5-dev", "p-cpe:/a:debian:debian_linux:libkrb5support0", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4944.NASL", "href": "https://www.tenable.com/plugins/nessus/152068", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4944. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152068);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"Debian DSA-4944-1 : krb5 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-4944\nadvisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/krb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/krb5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the krb5 packages.\n\nFor the stable distribution (buster), this problem has been fixed in version 1.17-3+deb10u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-gss-samples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-k5tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-kpropd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-multidev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkadm5clnt-mit11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkadm5srv-mit11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdb5-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrad-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrad0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrb5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrb5support0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'krb5-admin-server', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-doc', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-gss-samples', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-k5tls', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-kdc', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-kdc-ldap', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-kpropd', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-locales', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-multidev', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-otp', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-pkinit', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'krb5-user', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libgssapi-krb5-2', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libgssrpc4', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libk5crypto3', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkadm5clnt-mit11', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkadm5srv-mit11', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkdb5-9', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrad-dev', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrad0', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrb5-3', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrb5-dbg', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrb5-dev', 'reference': '1.17-3+deb10u2'},\n {'release': '10.0', 'prefix': 'libkrb5support0', 'reference': '1.17-3+deb10u2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-admin-server / krb5-doc / krb5-gss-samples / krb5-k5tls / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:37:10", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2800-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:2800-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222"], "modified": "2022-07-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-mini", "p-cpe:/a:novell:opensuse:krb5-mini-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-server", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2800.NASL", "href": "https://www.tenable.com/plugins/nessus/152724", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2800-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152724);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:2800-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:2800-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22SNDEWZFK4UZGGV35YI72FNLVIRJTIF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5d0664a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'krb5-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-client-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-32bit-1.16.3-3.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-devel-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.16.3-3.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-devel-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:37:58", "description": "The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2800-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-21T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2021:2800-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:krb5", "p-cpe:/a:novell:suse_linux:krb5-32bit", "p-cpe:/a:novell:suse_linux:krb5-client", "p-cpe:/a:novell:suse_linux:krb5-devel", "p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:suse_linux:krb5-server", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2800-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152707", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2800-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152707);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-36222\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2800-1\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2021:2800-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2021:2800-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009316.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?301f2e14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-32bit-1.16.3-3.21.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.2']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.2']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'krb5-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-client-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-devel-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'krb5-server-1.16.3-3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-plugin-kdb-ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:37:56", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1182-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:1182-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222"], "modified": "2022-07-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:krb5", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-mini", "p-cpe:/a:novell:opensuse:krb5-mini-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-server", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1182.NASL", "href": "https://www.tenable.com/plugins/nessus/152756", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1182-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152756);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:1182-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1182-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5YD36VO3UYG3QGTYXP2IABP7W52ZZE6X/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?522c5658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'krb5-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-32bit-1.16.3-lp152.5.19.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-client-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-32bit-1.16.3-lp152.5.19.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-devel-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-kdb-ldap-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-otp-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-pkinit-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.16.3-lp152.5.19.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-devel-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:34:00", "description": "According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2021-2714)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5", "p-cpe:/a:huawei:euleros:krb5-client", "p-cpe:/a:huawei:euleros:krb5-libs", "p-cpe:/a:huawei:euleros:krb5-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2714.NASL", "href": "https://www.tenable.com/plugins/nessus/155121", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155121);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2021-2714)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2714\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7b6e7cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-1.18-1.h9.eulerosv2r9\",\n \"krb5-client-1.18-1.h9.eulerosv2r9\",\n \"krb5-libs-1.18-1.h9.eulerosv2r9\",\n \"krb5-server-1.18-1.h9.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-04T15:02:14", "description": "According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : krb5 (EulerOS-SA-2022-1071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5-devel", "p-cpe:/a:huawei:euleros:krb5-libs", "p-cpe:/a:huawei:euleros:krb5-pkinit", "p-cpe:/a:huawei:euleros:krb5-server", "p-cpe:/a:huawei:euleros:krb5-server-ldap", "p-cpe:/a:huawei:euleros:krb5-workstation", "p-cpe:/a:huawei:euleros:libkadm5", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/158025", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158025);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : krb5 (EulerOS-SA-2022-1071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1071\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?713f72fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libkadm5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-devel-1.16.1-21.h7.eulerosv2r8\",\n \"krb5-libs-1.16.1-21.h7.eulerosv2r8\",\n \"krb5-pkinit-1.16.1-21.h7.eulerosv2r8\",\n \"krb5-server-1.16.1-21.h7.eulerosv2r8\",\n \"krb5-server-ldap-1.16.1-21.h7.eulerosv2r8\",\n \"krb5-workstation-1.16.1-21.h7.eulerosv2r8\",\n \"libkadm5-1.16.1-21.h7.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:33:54", "description": "According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2021-2689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5", "p-cpe:/a:huawei:euleros:krb5-client", "p-cpe:/a:huawei:euleros:krb5-libs", "p-cpe:/a:huawei:euleros:krb5-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2689.NASL", "href": "https://www.tenable.com/plugins/nessus/155129", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155129);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2021-2689)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2689\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4242a21f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-1.18-1.h9.eulerosv2r9\",\n \"krb5-client-1.18-1.h9.eulerosv2r9\",\n \"krb5-libs-1.18-1.h9.eulerosv2r9\",\n \"krb5-server-1.18-1.h9.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-04T15:05:51", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3576 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : krb5 (ALSA-2021:3576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:alma:linux:krb5-devel", "p-cpe:/a:alma:linux:krb5-libs", "p-cpe:/a:alma:linux:krb5-pkinit", "p-cpe:/a:alma:linux:krb5-server", "p-cpe:/a:alma:linux:krb5-server-ldap", "p-cpe:/a:alma:linux:krb5-workstation", "p-cpe:/a:alma:linux:libkadm5", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-3576.NASL", "href": "https://www.tenable.com/plugins/nessus/157471", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:3576.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157471);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"ALSA\", value:\"2021:3576\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n\n script_name(english:\"AlmaLinux 8 : krb5 (ALSA-2021:3576)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:3576 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-3576.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libkadm5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-devel / krb5-libs / krb5-pkinit / krb5-server / krb5-server-ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:42:44", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3576 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-23T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : krb5 (ELSA-2021-3576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:krb5-devel", "p-cpe:/a:oracle:linux:krb5-libs", "p-cpe:/a:oracle:linux:krb5-pkinit", "p-cpe:/a:oracle:linux:krb5-server", "p-cpe:/a:oracle:linux:krb5-server-ldap", "p-cpe:/a:oracle:linux:krb5-workstation", "p-cpe:/a:oracle:linux:libkadm5"], "id": "ORACLELINUX_ELSA-2021-3576.NASL", "href": "https://www.tenable.com/plugins/nessus/153574", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-3576.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153574);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"Oracle Linux 8 : krb5 (ELSA-2021-3576)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-3576 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-3576.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libkadm5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-devel / krb5-libs / krb5-pkinit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T18:02:21", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5959-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-16T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Kerberos vulnerabilities (USN-5959-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2023-03-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server", "p-cpe:/a:canonical:ubuntu_linux:krb5-gss-samples", "p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc", "p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap", "p-cpe:/a:canonical:ubuntu_linux:krb5-kpropd", "p-cpe:/a:canonical:ubuntu_linux:krb5-locales", "p-cpe:/a:canonical:ubuntu_linux:krb5-multidev", "p-cpe:/a:canonical:ubuntu_linux:krb5-otp", "p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit", "p-cpe:/a:canonical:ubuntu_linux:krb5-user", "p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2", "p-cpe:/a:canonical:ubuntu_linux:libgssrpc4", "p-cpe:/a:canonical:ubuntu_linux:libk5crypto3", "p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit11", "p-cpe:/a:canonical:ubuntu_linux:libkadm5srv-mit11", "p-cpe:/a:canonical:ubuntu_linux:libkdb5-9", "p-cpe:/a:canonical:ubuntu_linux:libkrad-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrad0", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-3", "p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev", "p-cpe:/a:canonical:ubuntu_linux:libkrb5support0"], "id": "UBUNTU_USN-5959-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172631", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5959-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172631);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/16\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"USN\", value:\"5959-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Kerberos vulnerabilities (USN-5959-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5959-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5959-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-admin-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-gss-samples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-k5tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kdc-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-kpropd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-multidev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:krb5-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssapi-krb5-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgssrpc4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libk5crypto3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt-mit11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkadm5srv-mit11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkdb5-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrad-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrad0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5support0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'krb5-admin-server', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-gss-samples', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-k5tls', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-kdc', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-kdc-ldap', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-kpropd', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-locales', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-multidev', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-otp', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-pkinit', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'krb5-user', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libgssapi-krb5-2', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libgssrpc4', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libk5crypto3', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkadm5clnt-mit11', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkadm5srv-mit11', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkdb5-9', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkrad-dev', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkrad0', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkrb5-3', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkrb5-dev', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '18.04', 'pkgname': 'libkrb5support0', 'pkgver': '1.16-2ubuntu0.4'},\n {'osver': '20.04', 'pkgname': 'krb5-admin-server', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-gss-samples', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-k5tls', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-kdc', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-kdc-ldap', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-kpropd', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-locales', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-multidev', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-otp', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-pkinit', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'krb5-user', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libgssapi-krb5-2', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libgssrpc4', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libk5crypto3', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkadm5clnt-mit11', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkadm5srv-mit11', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkdb5-9', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkrad-dev', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkrad0', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkrb5-3', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkrb5-dev', 'pkgver': '1.17-6ubuntu4.3'},\n {'osver': '20.04', 'pkgname': 'libkrb5support0', 'pkgver': '1.17-6ubuntu4.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-admin-server / krb5-gss-samples / krb5-k5tls / krb5-kdc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:40:27", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3576 advisory.\n\n - krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n - krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-21T00:00:00", "type": "nessus", "title": "RHEL 8 : krb5 (RHSA-2021:3576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:krb5-devel", "p-cpe:/a:redhat:enterprise_linux:krb5-libs", "p-cpe:/a:redhat:enterprise_linux:krb5-pkinit", "p-cpe:/a:redhat:enterprise_linux:krb5-server", "p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap", "p-cpe:/a:redhat:enterprise_linux:krb5-workstation", "p-cpe:/a:redhat:enterprise_linux:libkadm5"], "id": "REDHAT-RHSA-2021-3576.NASL", "href": "https://www.tenable.com/plugins/nessus/153518", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3576. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153518);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"RHSA\", value:\"2021:3576\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"RHEL 8 : krb5 (RHSA-2021:3576)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3576 advisory.\n\n - krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result\n in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n - krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks\n server field (CVE-2021-37750)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1983720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1996834\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libkadm5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-devel / krb5-libs / krb5-pkinit / krb5-server / krb5-server-ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T15:40:27", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3576 advisory.\n\n - krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n - krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-23T00:00:00", "type": "nessus", "title": "CentOS 8 : krb5 (CESA-2021:3576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:krb5-devel", "p-cpe:/a:centos:centos:krb5-libs", "p-cpe:/a:centos:centos:krb5-pkinit", "p-cpe:/a:centos:centos:krb5-server", "p-cpe:/a:centos:centos:krb5-server-ldap", "p-cpe:/a:centos:centos:krb5-workstation", "p-cpe:/a:centos:centos:libkadm5"], "id": "CENTOS8_RHSA-2021-3576.NASL", "href": "https://www.tenable.com/plugins/nessus/153590", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:3576. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153590);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/19\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"RHSA\", value:\"2021:3576\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"CentOS 8 : krb5 (CESA-2021:3576)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:3576 advisory.\n\n - krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result\n in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n - krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks\n server field (CVE-2021-37750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3576\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:krb5-workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libkadm5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-libs-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-pkinit-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-ldap-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-workstation-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libkadm5-1.18.2-8.3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5-devel / krb5-libs / krb5-pkinit / krb5-server / krb5-server-ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:34:33", "description": "According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : krb5 (EulerOS-SA-2021-2777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5", "p-cpe:/a:huawei:euleros:krb5-libs", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2777.NASL", "href": "https://www.tenable.com/plugins/nessus/155520", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155520);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : krb5 (EulerOS-SA-2021-2777)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d5c00d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-1.18-1.h9.eulerosv2r9\",\n \"krb5-libs-1.18-1.h9.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:34:06", "description": "According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : krb5 (EulerOS-SA-2021-2743)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-07-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:krb5", "p-cpe:/a:huawei:euleros:krb5-libs", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2743.NASL", "href": "https://www.tenable.com/plugins/nessus/155477", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155477);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/04\");\n\n script_cve_id(\"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : krb5 (EulerOS-SA-2021-2743)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2743\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f511ee4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected krb5 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:krb5-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"krb5-1.18-1.h9.eulerosv2r9\",\n \"krb5-libs-1.18-1.h9.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"krb5\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:13:37", "description": "An update of the krb5 package has been released.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. (CVE-2020-28196)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)", "cvss3": {}, "published": "2022-01-10T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Krb5 PHSA-2021-3.0-0342", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28196", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:krb5", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0342_KRB5.NASL", "href": "https://www.tenable.com/plugins/nessus/156583", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0342. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156583);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-28196\", \"CVE-2021-36222\", \"CVE-2021-37750\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Photon OS 3.0: Krb5 PHSA-2021-3.0-0342\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the krb5 package has been released.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an\n ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths\n lacks a recursion limit. (CVE-2020-28196)\n\n - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has\n a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.\n (CVE-2021-37750)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-342.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36222\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'krb5-1.17-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'krb5-devel-1.17-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'krb5-lang-1.17-2.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'krb5');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:37:31", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : samba (openSUSE-SU-2022:0283-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27840", "CVE-2021-20277", "CVE-2021-20316", "CVE-2021-36222", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_apparmor", "p-cpe:/a:novell:opensuse:apparmor-abstractions", "p-cpe:/a:novell:opensuse:apparmor-parser", "p-cpe:/a:novell:opensuse:apparmor-parser-lang", "p-cpe:/a:novell:opensuse:apparmor-profiles", "p-cpe:/a:novell:opensuse:apparmor-utils", "p-cpe:/a:novell:opensuse:apparmor-utils-lang", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:krb5", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-mini", "p-cpe:/a:novell:opensuse:krb5-mini-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-spake", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:ldb-tools", "p-cpe:/a:novell:opensuse:libapparmor-devel", "p-cpe:/a:novell:opensuse:libapparmor1", "p-cpe:/a:novell:opensuse:libapparmor1-32bit", "p-cpe:/a:novell:opensuse:libipa_hbac-devel", "p-cpe:/a:novell:opensuse:libipa_hbac0", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb2", "p-cpe:/a:novell:opensuse:libldb2-32bit", "p-cpe:/a:novell:opensuse:libnfsidmap-sss", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit", "p-cpe:/a:novell:opensuse:libsss_certmap-devel", "p-cpe:/a:novell:opensuse:libsss_certmap0", "p-cpe:/a:novell:opensuse:libsss_idmap-devel", "p-cpe:/a:novell:opensuse:libsss_idmap0", "p-cpe:/a:novell:opensuse:libsss_nss_idmap-devel", "p-cpe:/a:novell:opensuse:libsss_nss_idmap0", "p-cpe:/a:novell:opensuse:libsss_simpleifp-devel", "p-cpe:/a:novell:opensuse:libsss_simpleifp0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libtalloc2-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:libtevent0-32bit", "p-cpe:/a:novell:opensuse:pam_apparmor", "p-cpe:/a:novell:opensuse:pam_apparmor-32bit", "p-cpe:/a:novell:opensuse:perl-apparmor", "p-cpe:/a:novell:opensuse:python3-apparmor", "p-cpe:/a:novell:opensuse:python3-ipa_hbac", "p-cpe:/a:novell:opensuse:python3-ldb", "p-cpe:/a:novell:opensuse:python3-ldb-32bit", "p-cpe:/a:novell:opensuse:python3-ldb-devel", "p-cpe:/a:novell:opensuse:python3-sss-murmur", "p-cpe:/a:novell:opensuse:python3-sss_nss_idmap", "p-cpe:/a:novell:opensuse:python3-sssd-config", "p-cpe:/a:novell:opensuse:python3-talloc", "p-cpe:/a:novell:opensuse:python3-talloc-32bit", "p-cpe:/a:novell:opensuse:python3-talloc-devel", "p-cpe:/a:novell:opensuse:python3-tdb", "p-cpe:/a:novell:opensuse:python3-tdb-32bit", "p-cpe:/a:novell:opensuse:python3-tevent", "p-cpe:/a:novell:opensuse:python3-tevent-32bit", "p-cpe:/a:novell:opensuse:ruby-apparmor", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-libs", "p-cpe:/a:novell:opensuse:samba-ad-dc-libs-32bit", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-64bit", "p-cpe:/a:novell:opensuse:samba-client-libs", "p-cpe:/a:novell:opensuse:samba-client-libs-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-devel-32bit", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-gpupdate", "p-cpe:/a:novell:opensuse:samba-ldb-ldap", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-64bit", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-64bit", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-tool", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-libs", "p-cpe:/a:novell:opensuse:samba-winbind-libs-32bit", "p-cpe:/a:novell:opensuse:sssd", "p-cpe:/a:novell:opensuse:sssd-ad", "p-cpe:/a:novell:opensuse:sssd-common", "p-cpe:/a:novell:opensuse:sssd-dbus", "p-cpe:/a:novell:opensuse:sssd-ipa", "p-cpe:/a:novell:opensuse:sssd-krb5", "p-cpe:/a:novell:opensuse:sssd-krb5-common", "p-cpe:/a:novell:opensuse:sssd-ldap", "p-cpe:/a:novell:opensuse:sssd-proxy", "p-cpe:/a:novell:opensuse:sssd-tools", "p-cpe:/a:novell:opensuse:sssd-wbclient", "p-cpe:/a:novell:opensuse:sssd-wbclient-devel", "p-cpe:/a:novell:opensuse:sssd-winbind-idmap", "p-cpe:/a:novell:opensuse:talloc-man", "p-cpe:/a:novell:opensuse:tdb-tools", "p-cpe:/a:novell:opensuse:tevent-man", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0283-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157325", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0283-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157325);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2020-27840\",\n \"CVE-2021-20277\",\n \"CVE-2021-20316\",\n \"CVE-2021-36222\",\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"openSUSE 15 Security Update : samba (openSUSE-SU-2022:0283-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be\n ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory,\n resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to\n an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that\n have write access to the exported part of the file system under a share via SMB1 unix extensions or via\n NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can\n then use SMB1 unix extension information queries to determine if the target of the symlink exists or not\n by examining error codes returned from the smbd server. There is no ability to access these files or\n directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix\n extensions are not enabled then there is no way to discover if a symlink points to a valid target or not\n via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1\n with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a\n file server can help attackers guess system user names or the exact operating system release and\n applications running on the server hosting Samba which may help mount further attacks. SMB1 has been\n disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the\n wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195048\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72ZRNFZ3DE3TJA7HFCVV476YJN6I4B5M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dafccda9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-abstractions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-parser-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-profiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-utils-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-spake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipa_hbac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipa_hbac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnfsidmap-sss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_certmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_certmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_nss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_nss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_simpleifp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_simpleifp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_apparmor-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ipa_hbac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sss-murmur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sss_nss_idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sssd-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tdb-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tevent-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-wbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-winbind-idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:talloc-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tevent-man\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache2-mod_apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-pcp-pmda-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-32bit-1.19.2-150300.8.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-devel-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnfsidmap-sss-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipa_hbac-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-32bit-2.4.1-150300.3.10.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sss-murmur-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sss_nss_idmap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-32bit-2.3.3-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tdb-32bit-1.4.4-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tevent-32bit-0.11.0-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-wbclient-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-wbclient-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_apparmor / apparmor-abstractions / apparmor-parser / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:37:31", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2022:0283-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27840", "CVE-2021-20277", "CVE-2021-20316", "CVE-2021-36222", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_apparmor", "p-cpe:/a:novell:suse_linux:apparmor-abstractions", "p-cpe:/a:novell:suse_linux:apparmor-docs", "p-cpe:/a:novell:suse_linux:apparmor-parser", "p-cpe:/a:novell:suse_linux:apparmor-parser-lang", "p-cpe:/a:novell:suse_linux:apparmor-profiles", "p-cpe:/a:novell:suse_linux:apparmor-utils", "p-cpe:/a:novell:suse_linux:apparmor-utils-lang", "p-cpe:/a:novell:suse_linux:ctdb", "p-cpe:/a:novell:suse_linux:krb5", "p-cpe:/a:novell:suse_linux:krb5-32bit", "p-cpe:/a:novell:suse_linux:krb5-client", "p-cpe:/a:novell:suse_linux:krb5-devel", "p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-spake", "p-cpe:/a:novell:suse_linux:krb5-server", "p-cpe:/a:novell:suse_linux:ldb-tools", "p-cpe:/a:novell:suse_linux:libapparmor-devel", "p-cpe:/a:novell:suse_linux:libapparmor1", "p-cpe:/a:novell:suse_linux:libapparmor1-32bit", "p-cpe:/a:novell:suse_linux:libipa_hbac-devel", "p-cpe:/a:novell:suse_linux:libipa_hbac0", "p-cpe:/a:novell:suse_linux:libldb-devel", "p-cpe:/a:novell:suse_linux:libldb2", "p-cpe:/a:novell:suse_linux:libldb2-32bit", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsss_certmap-devel", "p-cpe:/a:novell:suse_linux:libsss_certmap0", "p-cpe:/a:novell:suse_linux:libsss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_simpleifp-devel", "p-cpe:/a:novell:suse_linux:libsss_simpleifp0", "p-cpe:/a:novell:suse_linux:libtalloc-devel", "p-cpe:/a:novell:suse_linux:libtalloc2", "p-cpe:/a:novell:suse_linux:libtalloc2-32bit", "p-cpe:/a:novell:suse_linux:libtdb-devel", "p-cpe:/a:novell:suse_linux:libtdb1", "p-cpe:/a:novell:suse_linux:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:libtevent-devel", "p-cpe:/a:novell:suse_linux:libtevent0", "p-cpe:/a:novell:suse_linux:libtevent0-32bit", "p-cpe:/a:novell:suse_linux:pam_apparmor", "p-cpe:/a:novell:suse_linux:pam_apparmor-32bit", "p-cpe:/a:novell:suse_linux:perl-apparmor", "p-cpe:/a:novell:suse_linux:python3-apparmor", "p-cpe:/a:novell:suse_linux:python3-ldb", "p-cpe:/a:novell:suse_linux:python3-ldb-devel", "p-cpe:/a:novell:suse_linux:python3-sssd-config", "p-cpe:/a:novell:suse_linux:python3-talloc", "p-cpe:/a:novell:suse_linux:python3-talloc-devel", "p-cpe:/a:novell:suse_linux:python3-tdb", "p-cpe:/a:novell:suse_linux:python3-tevent", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ad-dc-libs", "p-cpe:/a:novell:suse_linux:samba-ad-dc-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-ceph", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-32bit", "p-cpe:/a:novell:suse_linux:samba-client-libs", "p-cpe:/a:novell:suse_linux:samba-client-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-devel", "p-cpe:/a:novell:suse_linux:samba-devel-32bit", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-gpupdate", "p-cpe:/a:novell:suse_linux:samba-ldb-ldap", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-tool", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-libs", "p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit", "p-cpe:/a:novell:suse_linux:sssd", "p-cpe:/a:novell:suse_linux:sssd-ad", "p-cpe:/a:novell:suse_linux:sssd-common", "p-cpe:/a:novell:suse_linux:sssd-dbus", "p-cpe:/a:novell:suse_linux:sssd-ipa", "p-cpe:/a:novell:suse_linux:sssd-krb5", "p-cpe:/a:novell:suse_linux:sssd-krb5-common", "p-cpe:/a:novell:suse_linux:sssd-ldap", "p-cpe:/a:novell:suse_linux:sssd-proxy", "p-cpe:/a:novell:suse_linux:sssd-tools", "p-cpe:/a:novell:suse_linux:sssd-winbind-idmap", "p-cpe:/a:novell:suse_linux:talloc-man", "p-cpe:/a:novell:suse_linux:tdb-tools", "p-cpe:/a:novell:suse_linux:tevent-man", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0283-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157307", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0283-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157307);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-27840\",\n \"CVE-2021-20277\",\n \"CVE-2021-20316\",\n \"CVE-2021-36222\",\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0283-1\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2022:0283-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be\n ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory,\n resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to\n an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated\n attacker with permissions to read or modify share metadata, to perform this operation outside of the\n share. (CVE-2021-20316)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0336\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010164.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?105ef610\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-abstractions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-parser-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-profiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-utils-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-spake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_certmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_certmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_simpleifp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_simpleifp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-sssd-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-talloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-winbind-idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:talloc-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tevent-man\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-docs-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-docs-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-python2-release-15.3']},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-python2-release-15.3']},\n {'reference':'apache2-mod_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'krb5-server-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:26", "description": "The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1396-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:1396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1396-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170214", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1396-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170214);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-39226\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-21673\",\n \"CVE-2022-21702\",\n \"CVE-2022-21703\",\n \"CVE-2022-21713\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1396-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:1396-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nSUSE-SU-2022:1396-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data\n source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API\n token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack\n relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the\n Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana\n instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been\n patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker\n could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML\n page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could\n either compromise an existing datasource for a specific Grafana instance or either set up its own public\n service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following\n must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as\n Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above\n datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked\n on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled\n with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a\n specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated\n user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a\n compromised plugin through a crafted link. Users are advised to update to a patched version. There are no\n known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a\n cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting\n cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into\n inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as\n possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose\n multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an\n authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will\n allow an authenticated attacker to search for teams and see the total number of available teams, including\n for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin\n flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197579\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010822.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1133287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21713\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected prometheus-postgres_exporter, python3-rhnlib and / or spacecmd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^SUSE\") audit(AUDIT_OS_NOT, \"openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SUSE[\\d.]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);\n\nvar pkgs = [\n {'reference':'prometheus-postgres_exporter-0.10.0-150000.1.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'python3-rhnlib-4.2.6-150000.3.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'spacecmd-4.2.16-150000.3.77.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'prometheus-postgres_exporter / python3-rhnlib / spacecmd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:47", "description": "The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4437-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn't call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds. (CVE-2022-29170)\n\n - Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.\n (CVE-2022-31097)\n\n - Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n (CVE-2022-31107)\n\n - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at:\n https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth- proxy/ (CVE-2022-35957)\n\n - Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.\n (CVE-2022-36062)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:4437-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-29170", "CVE-2022-31097", "CVE-2022-31107", "CVE-2022-35957", "CVE-2022-36062"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170209", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4437-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170209);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-29170\",\n \"CVE-2022-31097\",\n \"CVE-2022-31107\",\n \"CVE-2022-35957\",\n \"CVE-2022-36062\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4437-1\");\n\n script_name(english:\"openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:4437-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nSUSE-SU-2022:4437-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request\n security feature allows list allows to configure Grafana in a way so that the instance doesn't call or\n only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to\n versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource\n (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts\n Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom\n datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the\n redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this\n vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known\n workarounds. (CVE-2022-29170)\n\n - Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch\n prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified\n Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor\n to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10\n contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.\n (CVE-2022-31097)\n\n - Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9,\n 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana\n instance via a configured OAuth IdP which provides a login name to take over the account of another user\n in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via\n OAuth, the malicious user's external user id is not already associated with an account in Grafana, the\n malicious user's email address is not already associated with an account in Grafana, and the malicious\n user knows the Grafana username of the target user. If these conditions are met, the malicious user can\n set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log\n in to Grafana. Due to the way that external and internal user accounts are linked together during login,\n if the conditions above are all met then the malicious user will be able to log in to the target user's\n Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a\n workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users\n authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n (CVE-2022-31107)\n\n - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13\n are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to\n take over the server admin account and gain full control of the grafana instance. All installations should\n be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at:\n https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-\n proxy/ (CVE-2022-35957)\n\n - Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9,\n and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on\n some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where\n RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder\n permissions to RBAC permissions do not account for the scenario where the only user permission in the\n folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and\n view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround\n when the impacted folder/dashboard is known is to remove the additional permissions manually.\n (CVE-2022-36062)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203599\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013220.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e28b3be\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-35957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^SUSE\") audit(AUDIT_OS_NOT, \"openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SUSE[\\d.]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'openSUSE 15', 'openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE (' + os_ver + ')', cpu);\n\nvar pkgs = [\n {'reference':'dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'golang-github-boynux-squid_exporter-1.6-150000.1.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'golang-github-prometheus-promu-0.13.0-150000.3.9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'spacecmd-4.3.16-150000.3.89.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'golang-github-boynux-squid_exporter-1.6-150000.1.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'golang-github-prometheus-promu-0.13.0-150000.3.9.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'prometheus-blackbox_exporter-0.19.0-150000.1.14.3', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'spacecmd-4.3.16-150000.3.89.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'wire-0.5.0-150000.1.9.3', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dracut-saltboot / golang-github-boynux-squid_exporter / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T19:01:48", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4428-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn't call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds. (CVE-2022-29170)\n\n - Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.\n (CVE-2022-31097)\n\n - Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n (CVE-2022-31107)\n\n - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at:\n https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth- proxy/ (CVE-2022-35957)\n\n - Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder permissions to RBAC permissions do not account for the scenario where the only user permission in the folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround when the impacted folder/dashboard is known is to remove the additional permissions manually.\n (CVE-2022-36062)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-14T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:4428-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-29170", "CVE-2022-31097", "CVE-2022-31107", "CVE-2022-35957", "CVE-2022-36062"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grafana", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-4428-1.NASL", "href": "https://www.tenable.com/plugins/nessus/168719", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4428-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168719);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-29170\",\n \"CVE-2022-31097\",\n \"CVE-2022-31107\",\n \"CVE-2022-35957\",\n \"CVE-2022-36062\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4428-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:4428-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:4428-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request\n security feature allows list allows to configure Grafana in a way so that the instance doesn't call or\n only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to\n versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource\n (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts\n Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom\n datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the\n redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this\n vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known\n workarounds. (CVE-2022-29170)\n\n - Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch\n prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified\n Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor\n to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10\n contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting.\n (CVE-2022-31097)\n\n - Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9,\n 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana\n instance via a configured OAuth IdP which provides a login name to take over the account of another user\n in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via\n OAuth, the malicious user's external user id is not already associated with an account in Grafana, the\n malicious user's email address is not already associated with an account in Grafana, and the malicious\n user knows the Grafana username of the target user. If these conditions are met, the malicious user can\n set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log\n in to Grafana. Due to the way that external and internal user accounts are linked together during login,\n if the conditions above are all met then the malicious user will be able to log in to the target user's\n Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a\n workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users\n authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.\n (CVE-2022-31107)\n\n - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13\n are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to\n take over the server admin account and gain full control of the grafana instance. All installations should\n be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at:\n https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-\n proxy/ (CVE-2022-35957)\n\n - Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9,\n and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on\n some folders where Admin is the only used permission. The vulnerability impacts Grafana instances where\n RBAC was disabled and enabled afterwards, as the migrations which are translating legacy folder\n permissions to RBAC permissions do not account for the scenario where the only user permission in the\n folder is Admin, as a result RBAC adds permissions for Editors and Viewers which allow them to edit and\n view folders accordingly. This issue has been patched in versions 8.5.13, 9.0.9, and 9.1.6. A workaround\n when the impacted folder/dashboard is known is to remove the additional permissions manually.\n (CVE-2022-36062)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-31107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-35957\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36062\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-December/013218.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52f1f3b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grafana package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grafana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'grafana-8.5.13-150200.3.29.5', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'grafana-8.5.13-150200.3.29.5', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'grafana-8.5.13-150200.3.29.5', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-packagehub-subpackages-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},\n {'reference':'grafana-8.5.13-150200.3.29.5', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-packagehub-subpackages-release-15.4', 'sled-release-15.4', 'sles-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:13:07", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2134-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine- grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users' roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. (CVE-2022-21698)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or either set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21698", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2023-07-13T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter"], "id": "SUSE_SU-2022-2134-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162469", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2134-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162469);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3711\",\n \"CVE-2021-36222\",\n \"CVE-2021-39226\",\n \"CVE-2021-41174\",\n \"CVE-2021-41244\",\n \"CVE-2021-43798\",\n \"CVE-2021-43813\",\n \"CVE-2021-43815\",\n \"CVE-2022-21673\",\n \"CVE-2022-21698\",\n \"CVE-2022-21702\",\n \"CVE-2022-21703\",\n \"CVE-2022-21713\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2134-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:2134-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2134-1 advisory.\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - In order to decrypt SM2 encrypted data an application is expected to call the API function\n EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the\n out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size\n required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer\n and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug\n in the implementation of the SM2 decryption code means that the calculation of the buffer size required to\n hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size\n required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the\n application a second time with a buffer that is too small. A malicious attacker who is able present SM2\n content for decryption to an application could cause attacker chosen data to overflow the buffer by up to\n a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing\n application behaviour or causing the application to crash. The location of the buffer is application\n dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).\n (CVE-2021-3711)\n\n - Grafana is an open source data visualization platform. In affected versions unauthenticated and\n authenticated users are able to view the snapshot with the lowest database key by accessing the literal\n paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot public_mode configuration\n setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with\n the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the\n snapshot public_mode setting, authenticated users are able to delete the snapshot with the lowest\n database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The\n combination of deletion and viewing enables a complete walk through all snapshot data while resulting in\n complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason\n you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths:\n /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key.\n They have no normal function and can be disabled without side effects. (CVE-2021-39226)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker\n is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content\n may be executed within the context of the victim's browser. The user visiting the malicious link must be\n unauthenticated and the link must be for a page that contains the login button in the menu bar. The url\n has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS\n expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex:\n {{constructor.constructor(alert(1)')()}}. When the user follows the link and the page renders, the login\n button will contain the original link with a query parameter to force a redirect to the login page. The\n URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained\n in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you\n can use a reverse proxy or similar to block access to block the literal string {{ in the path.\n (CVE-2021-41174)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-\n grained access control beta feature is enabled and there is more than one organization in the Grafana\n instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism\n which allowed users with the Organization Admin role to list, add, remove, and update users' roles in\n other organizations in which they are not an admin. With fine-grained access control enabled, organization\n admins can list, add, remove and update users' roles in another organization, where they do not have\n organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control\n beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade,\n you should turn off the fine-grained access control using a feature flag. (CVE-2021-41244)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through\n 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.\n The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any\n installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched\n versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about\n vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The\n vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated\n users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to\n patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of\n Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files,\n users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help\n text. (CVE-2021-43813)\n\n - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and\n 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the\n developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited\n in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana\n Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for\n this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front\n of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to\n also be able to handle url encoded paths. (CVE-2021-43815)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions when a data\n source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API\n token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user.\n This can allow API token holders to retrieve data for which they may not have intended access. This attack\n relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the\n Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana\n instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been\n patched in versions 7.5.13 and 8.3.4. (CVE-2022-21673)\n\n - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package\n in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version\n 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential\n memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an\n instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;\n not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our\n middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.\n client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including\n removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected\n promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method\n given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow\n a limited set of methods. (CVE-2022-21698)\n\n - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker\n could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML\n page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could\n either compromise an existing datasource for a specific Grafana instance or either set up its own public\n service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following\n must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as\n Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above\n datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked\n on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled\n with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a\n specially crafted link pointing at the attacker controlled plugin must be clocked on by an authenticated\n user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a\n compromised plugin through a crafted link. Users are advised to update to a patched version. There are no\n known workarounds for this vulnerability. (CVE-2022-21702)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a\n cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting\n cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins).\n An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into\n inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as\n possible. There are no known workarounds for this issue. (CVE-2022-21703)\n\n - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose\n multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an\n authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will\n allow an authenticated attacker to search for teams and see the total number of available teams, including\n for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin\n flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.\n Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n (CVE-2022-21713)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21713\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011316.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f170d02\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang-github-prometheus-node_exporter package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'golang-github-prometheus-node_exporter-1.3.0-1.15.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang-github-prometheus-node_exporter');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:42", "description": "The version of MySQL running on the remote host is 8.0.x prior to 8.0.27. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the October 2021 Critical Patch Update advisory:\n\n - A vulnerability in the OpenSSL component that can result in a takeover of the MySQL server.\n (CVE-2021-3711)\n\n - An easily exploitable vulnerability in the Kerberos component of MySQL server that allows an unauthenticated, remote attacker to affect availability. (CVE-2021-36222)\n\n - An easily exploitable vulnerability in the cURL component that allows an unauthenticated, remote attacker to affect the availability of the MySQL Server. (CVE-2021-22926)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-20T00:00:00", "type": "nessus", "title": "MySQL 8.0.x < 8.0.27 Multiple Vulnerabilities (Oct 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22926", "CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2021-36222", "CVE-2021-3711", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21352"], "modified": "2022-01-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_27.NASL", "href": "https://www.tenable.com/plugins/nessus/154258", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154258);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-3711\",\n \"CVE-2021-22926\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2021-36222\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21352\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n\n script_name(english:\"MySQL 8.0.x < 8.0.27 Multiple Vulnerabilities (Oct 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to 8.0.27. It is, therefore, affected by multiple\nvulnerabilities, including the following, as noted in the October 2021 Critical Patch Update advisory:\n\n - A vulnerability in the OpenSSL component that can result in a takeover of the MySQL server.\n (CVE-2021-3711)\n\n - An easily exploitable vulnerability in the Kerberos component of MySQL server that allows an\n unauthenticated, remote attacker to affect availability. (CVE-2021-36222)\n\n - An easily exploitable vulnerability in the cURL component that allows an unauthenticated, remote attacker\n to affect the availability of the MySQL Server. (CVE-2021-22926)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2021cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.27 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3711\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '8.0', 'fixed_version' : '8.0.27'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-06-29T13:51:02", "description": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in\nMIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows\nremote attackers to cause a NULL pointer dereference and daemon crash. This\noccurs because a return value is not properly managed in a certain\nsituation.\n\n#### Bugs\n\n * <http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-22T00:00:00", "type": "ubuntucve", "title": "CVE-2021-36222", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-22T00:00:00", "id": "UB:CVE-2021-36222", "href": "https://ubuntu.com/security/CVE-2021-36222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for krb5 fixes the following issues:\n\n - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge.\n (bsc#1188571)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2800=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-20T00:00:00", "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-08-20T00:00:00", "id": "OPENSUSE-SU-2021:2800-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/22SNDEWZFK4UZGGV35YI72FNLVIRJTIF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for krb5 fixes the following issues:\n\n - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge.\n (bsc#1188571)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1182=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-23T00:00:00", "type": "suse", "title": "Security update for krb5 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-08-23T00:00:00", "id": "OPENSUSE-SU-2021:1182-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5YD36VO3UYG3QGTYXP2IABP7W52ZZE6X/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-06T12:08:42", "description": "An update that solves 8 vulnerabilities, contains one\n feature and has two fixes is now available.\n\nDescription:\n\n\n\n - CVE-2021-44141: Information leak via symlinks of existance of files or\n directories outside of the exported share; (bso#14911); (bsc#1193690);\n - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS\n module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);\n - CVE-2022-0336: Samba AD users with permission to write to an account can\n impersonate arbitrary services; (bso#14950); (bsc#1195048);\n\n samba was updated to 4.15.4 (jsc#SLE-23329);\n\n * Duplicate SMB file_ids leading to Windows client cache poisoning;\n (bso#14928);\n * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -\n NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);\n * kill_tcp_connections does not work; (bso#14934);\n * Can't connect to Windows shares not requiring authentication using\n KDE/Gnome; (bso#14935);\n * smbclient -L doesn't set \"client max protocol\" to NT1 before calling the\n \"Reconnecting with SMB1 for workgroup listing\" path; (bso#14939);\n * Cross device copy of the crossrename module always fails; (bso#14940);\n * symlinkat function from VFS cap module always fails with an error;\n (bso#14941);\n * Fix possible fsp pointer deference; (bso#14942);\n * Missing pop_sec_ctx() in error path inside close_directory();\n (bso#14944);\n * \"smbd --build-options\" no longer works without an smb.conf file;\n (bso#14945);\n\n Samba was updated to version 4.15.3\n\n + CVE-2021-43566: Symlink race error can allow directory creation\n outside of the exported share; (bsc#1139519);\n + CVE-2021-20316: Symlink race error can allow metadata read and modify\n outside of the exported share; (bsc#1191227);\n - Reorganize libs packages. Split samba-libs into samba-client-libs,\n samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba\n public libraries depending on internal samba libraries into these\n packages as there were dependency problems everytime one of these public\n libraries changed its version (bsc#1192684). The devel packages are\n merged into samba-devel.\n - Rename package samba-core-devel to samba-devel\n - Update the symlink create by samba-dsdb-modules to private samba ldb\n modules following libldb2 changes from /usr/lib64/ldb/samba to\n /usr/lib64/ldb2/modules/ldb/samba\n\n krb5 was updated to 1.16.3 to 1.19.2\n\n * Fix a denial of service attack against the KDC encrypted challenge code;\n (CVE-2021-36222);\n * Fix a memory leak when gss_inquire_cred() is called without a credential\n handle.\n\n Changes from 1.19.1:\n\n * Fix a linking issue with Samba.\n * Better support multiple pkinit_identities values by checking whether\n certificates can be loaded for each value.\n\n Changes from 1.19\n\n Administrator experience\n * When a client keytab is present, the GSSAPI krb5 mech will refresh\n credentials even if the current credentials were acquired manually.\n * It is now harder to accidentally delete the K/M entry from a KDB.\n Developer experience\n * gss_acquire_cred_from() now supports the \"password\" and \"verify\"\n options, allowing credentials to be acquired via password and verified\n using a keytab key.\n * When an application accepts a GSS security context, the new\n GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor\n both provided matching channel bindings.\n * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests\n to identify the desired client principal by certificate.\n * PKINIT certauth modules can now cause the hw-authent flag to be set in\n issued tickets.\n * The krb5_init_creds_step() API will now issue the same password\n expiration warnings as krb5_get_init_creds_password(). Protocol\n evolution\n * Added client and KDC support for Microsoft's Resource-Based\n Constrained Delegation, which allows cross-realm S4U2Proxy requests. A\n third-party database module is required for KDC support.\n * kadmin/admin is now the preferred server principal name for kadmin\n connections, and the host-based form is no longer created by default.\n The client will still try the host-based form as a fallback.\n * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT\n extension, which causes channel bindings to be required for the\n initiator if the acceptor provided them. The client will send this\n option if the client_aware_gss_bindings profile option is set. User\n experience\n * kinit will now issue a warning if the des3-cbc-sha1 encryption type is\n used in the reply. This encryption type will be deprecated and removed\n in future releases.\n * Added kvno flags --out-cache, --no-store, and --cached-only (inspired\n by Heimdal's kgetcred).\n\n Changes from 1.18.3\n * Fix a denial of service vulnerability when decoding Kerberos protocol\n messages.\n * Fix a locking issue with the LMDB KDB module which could cause KDC and\n kadmind processes to lose access to the database.\n * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and\n unloaded while libkrb5support remains loaded.\n\n Changes from 1.18.2\n * Fix a SPNEGO regression where an acceptor using the default credential\n would improperly filter mechanisms, causing a negotiation failure.\n * Fix a bug where the KDC would fail to issue tickets if the local krbtgt\n principal's first key has a single-DES enctype.\n * Add stub functions to allow old versions of OpenSSL libcrypto to link\n against libkrb5.\n * Fix a NegoEx bug where the client name and delegated credential might\n not be reported.\n\n Changes from 1.18.1\n * Fix a crash when qualifying short hostnames when the system has no\n primary DNS domain.\n * Fix a regression when an application imports \"service@\" as a GSS\n host-based name for its acceptor credential handle.\n * Fix KDC enforcement of auth indicators when they are modified by the KDB\n module.\n * Fix removal of require_auth string attributes when the LDAP KDB module\n is used.\n * Fix a compile error when building with musl libc on Linux.\n * Fix a compile error when building with gcc 4.x.\n * Change the KDC constrained delegation precedence order for consistency\n with Windows KDCs.\n\n Changes from 1.18 Administrator experience:\n * Remove support for single-DES encryption types.\n * Change the replay cache format to be more efficient and robust. Replay\n cache filenames using the new format end with \".rcache2\" by default.\n * setuid programs will automatically ignore environment variables that\n normally affect krb5 API functions, even if the caller does not use\n krb5_init_secure_context().\n * Add an \"enforce_ok_as_delegate\" krb5.conf relation to disable\n credential forwarding during GSSAPI authentication unless the KDC sets\n the ok-as-delegate bit in the service ticket.\n * Use the permitted_enctypes krb5.conf setting as the default value for\n default_tkt_enctypes and default_tgs_enctypes. Developer experience:\n * Implement krb5_cc_remove_cred() for all credential cache types.\n * Add the krb5_pac_get_client_info() API to get the client account name\n from a PAC. Protocol evolution:\n * Add KDC support for S4U2Self requests where the user is identified by\n X.509 certificate. (Requires support for certificate lookup from a\n third-party KDB module.)\n * Remove support for an old (\"draft 9\") variant of PKINIT.\n * Add support for Microsoft NegoEx. (Requires one or more third-party\n GSS modules implementing NegoEx mechanisms.) User experience:\n * Add support for \"dns_canonicalize_hostname=fallback\", causing\n host-based principal names to be tried first without DNS\n canonicalization, and again with DNS canonicalization if the\n un-canonicalized server is not found.\n * Expand single-component hostnames in host-based principal names when\n DNS canonicalization is not used, adding the system's first DNS search\n path as a suffix. Add a \"qualify_shortname\" krb5.conf relation to\n override this suffix or disable expansion.\n * Honor the transited-policy-checked ticket flag on application servers,\n eliminating the requirement to configure capaths on servers in some\n scenarios. Code quality:\n * The libkrb5 serialization code (used to export and import krb5 GSS\n security contexts) has been simplified and made type-safe.\n * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED\n messages has been revised to conform to current coding practices.\n * The test suite has been modified to work with macOS System Integrity\n Protection enabled.\n * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support\n can always be tested.\n\n Changes from 1.17.1\n * Fix a bug preventing \"addprinc -randkey -kvno\" from working in kadmin.\n * Fix a bug preventing time skew correction from working when a KCM\n credential cache is used.\n\n Changes from 1.17: Administrator experience:\n * A new Kerberos database module using the Lightning Memory-Mapped\n Database library (LMDB) has been added. The LMDB KDB module should be\n more performant and more robust than the DB2 module, and may become the\n default module for new databases in a future release.\n * \"kdb5_util dump\" will no longer dump policy entries when specific\n principal names are requested. Developer experience:\n * The new krb5_get_etype_info() API can be used to retrieve enctype, salt,\n and string-to-key parameters from the KDC for a client principal.\n * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise\n principal names to be used with GSS-API functions.\n * KDC and kadmind modules which call com_err() will now write to the log\n file in a format more consistent with other log messages.\n * Programs which use large numbers of memory credential caches should\n perform better. Protocol evolution:\n * The SPAKE pre-authentication mechanism is now supported. This mechanism\n protects against password dictionary attacks without requiring any\n additional infrastructure such as certificates. SPAKE is enabled by\n default on clients, but must be manually enabled on the KDC for this\n release.\n * PKINIT freshness tokens are now supported. Freshness tokens can protect\n against scenarios where an attacker uses temporary access to a smart\n card to generate authentication requests for the future.\n * Password change operations now prefer TCP over UDP, to avoid spurious\n error messages about replays when a response packet is dropped.\n * The KDC now supports cross-realm S4U2Self requests when used with a\n third-party KDB module such as Samba's. The client code for cross-realm\n S4U2Self requests is also now more robust. User experience:\n * The new ktutil addent -f flag can be used to fetch salt information from\n the KDC for password-based keys.\n * The new kdestroy -p option can be used to destroy a credential cache\n within a collection by client principal name.\n * The Kerberos man page has been restored, and documents the environment\n variables that affect programs using the Kerberos library. Code quality:\n * Python test scripts now use Python 3.\n * Python test scripts now display markers in verbose output, making it\n easier to find where a failure occurred within the scripts.\n * The Windows build system has been simplified and updated to work with\n more recent versions of Visual Studio. A large volume of unused\n Windows-specific code has been removed. Visual Studio 2013\n or later is now required.\n\n - Build with full Cyrus SASL support. Negotiating SASL credentials with an\n EXTERNAL bind mechanism requires interaction. Kerberos provides its\n own interaction function that skips all interaction, thus preventing the\n mechanism from working. ldb was updated to version 2.4.1\n (jsc#SLE-23329);\n\n - Release 2.4.1\n\n + Corrected python behaviour for 'in' for LDAP attributes contained as\n part of ldb.Message; (bso#14845);\n + Fix memory handling in ldb.msg_diff; (bso#14836);\n\n - Release 2.4.0\n\n + pyldb: Fix Message.items() for a message containing elements\n + pyldb: Add test for Message.items()\n + tests: Use ldbsearch '--scope instead of '-s'\n + Change page size of guidindexpackv1.ldb\n + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream\n + attrib_handler casefold: simplify space dropping\n + fix ldb_comparison_fold off-by-one overrun\n + CVE-2020-27840: pytests: move Dn.validate test to ldb\n + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode\n + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds\n + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces\n + improve comments for ldb_module_connect_backend()\n + test/ldb_tdb: correct introductory comments\n + ldb.h: remove undefined async_ctx function signatures\n + correct comments in attrib_handers val_to_int64\n + dn tests use cmocka print functions\n + ldb_match: remove redundant check\n + add tests for ldb_wildcard_compare\n + ldb_match: trailing chunk must match end of string\n + pyldb: catch potential overflow error in py_timestring\n + ldb: remove some 'if PY3's in tests\n\n talloc was updated to 2.3.3:\n\n + various bugfixes\n + python: Ensure reference counts are properly incremented\n + Change pytalloc source to LGPL\n + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846).\n\n tdb was updated to version 1.4.4:\n\n + various bugfixes\n\n tevent was updated to version 0.11.0:\n\n + Add custom tag to events\n + Add event trace api\n\n sssd was updated to:\n\n - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5\n - Update the private ldb modules installation following libldb2 changes\n from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba\n\n apparmor was updated to:\n\n - Cater for changes to ldb packaging to allow parallel installation with\n libldb (bsc#1192684).\n - add profile for samba-bgqd (bsc#1191532).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-283=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "suse", "title": "Security update for samba (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27840", "CVE-2021-20277", "CVE-2021-20316", "CVE-2021-36222", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-02-01T00:00:00", "id": "OPENSUSE-SU-2022:0283-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72ZRNFZ3DE3TJA7HFCVV476YJN6I4B5M/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-11-06T17:58:07", "description": "An update that fixes 12 vulnerabilities, contains three\n features is now available.\n\nDescription:\n\n\n This update fixes the following issues:\n\n grafana:\n\n - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439,\n jsc#SLE-23422)\n + Security:\n * Fixes XSS vulnerability in handling data sources (bsc#1195726,\n CVE-2022-21702)\n * Fixes cross-origin request forgery vulnerability (bsc#1195727,\n CVE-2022-21703)\n * Fixes Insecure Direct Object Reference vulnerability in Teams API\n (bsc#1195728, CVE-2022-21713)\n - Update to Go 1.17.\n - Add build-time dependency on `wire`.\n - Update license to GNU Affero General Public License v3.0.\n - Update to version 8.3.4\n * GetUserInfo: return an error if no user was found (bsc#1194873,\n CVE-2022-21673)\n + Features and enhancements:\n * Alerting: Allow configuration of non-ready alertmanagers.\n * Alerting: Allow customization of Google chat message.\n * AppPlugins: Support app plugins with only default nav.\n * InfluxDB: query editor: skip fields in metadata queries.\n * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels\n query in grafana.\n * Prometheus: Forward oauth tokens after prometheus datasource\n migration.\n + Bug fixes:\n * Azure Monitor: Bug fix for variable interpolations in metrics\n dropdowns.\n * Azure Monitor: Improved error messages for variable queries.\n * CloudMonitoring: Fixes broken variable queries that use group bys.\n * Configuration: You can now see your expired API keys if you have no\n active ones.\n * Elasticsearch: Fix handling multiple datalinks for a single field.\n * Export: Fix error being thrown when exporting dashboards using query\n variables that reference the default datasource.\n * ImportDashboard: Fixes issue with importing dashboard and name\n ending up in uid.\n * Login: Page no longer overflows on mobile.\n * Plugins: Set backend metadata property for core plugins.\n * Prometheus: Fill missing steps with null values.\n * Prometheus: Fix interpolation of $__rate_interval variable.\n * Prometheus: Interpolate variables with curly brackets syntax.\n * Prometheus: Respect the http-method data source setting.\n * Table: Fixes issue with field config applied to wrong fields when\n hiding columns.\n * Toolkit: Fix bug with rootUrls not being properly parsed when\n signing a private plugin.\n * Variables: Fix so data source variables are added to adhoc\n configuration.\n + Plugin development fixes & changes:\n * Toolkit: Revert build config so tslib is bundled with plugins to\n prevent plugins from crashing.\n - Update to version 8.3.3:\n * BarChart: Use new data error view component to show actions in panel\n edit.\n * CloudMonitor: Iterate over pageToken for resources.\n * Macaron: Prevent WriteHeader invalid HTTP status code panic.\n * AnnoListPanel: Fix interpolation of variables in tags.\n * CloudWatch: Allow queries to have no dimensions specified.\n * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5\n to 8.3.0.\n * CloudWatch: Make sure MatchExact flag gets the right value.\n * Dashboards: Fix so that empty folders can be deleted from the manage\n dashboards/folders page.\n * InfluxDB: Improve handling of metadata query errors in InfluxQL.\n * Loki: Fix adding of ad hoc filters for queries with parser and\n line_format expressions.\n * Prometheus: Fix running of exemplar queries for non-histogram\n metrics.\n * Prometheus: Interpolate template variables in interval.\n * StateTimeline: Fix toolitp not showing when for frames with multiple\n fields.\n * TraceView: Fix virtualized scrolling when trace view is\n opened in right pane in Explore.\n * Variables: Fix repeating panels for on time range changed variables.\n * Variables: Fix so queryparam option works for scoped\n - Update to version 8.3.2\n + Security: Fixes CVE-2021-43813 and CVE-2021-43815.\n - Update to version 8.3.1\n + Security: Fixes CVE-2021-43798.\n - Update to version 8.3.0\n * Alerting: Prevent folders from being deleted when they contain\n alerts.\n * Alerting: Show full preview value in tooltip.\n * BarGauge: Limit title width when name is really long.\n * CloudMonitoring: Avoid to escape regexps in filters.\n * CloudWatch: Add support for AWS Metric Insights.\n * TooltipPlugin: Remove other panels' shared tooltip in edit panel.\n * Visualizations: Limit y label width to 40% of visualization width.\n * Alerting: Clear alerting rule evaluation errors after intermittent\n failures.\n * Alerting: Fix refresh on legacy Alert List panel.\n * Dashboard: Fix queries for panels with non-integer widths.\n * Explore: Fix url update inconsistency.\n * Prometheus: Fix range variables interpolation for time ranges\n smaller than 1 second.\n * ValueMappings: Fixes issue with regex value mapping that only sets\n color.\n - Update to version 8.3.0-beta2\n + Breaking changes:\n * Grafana 8 Alerting enabled by default for installations that do not\n use legacy alerting.\n * Keep Last State for \"If execution error or timeout\" when upgrading\n to Grafana 8 alerting.\n * Alerting: Create DatasourceError alert if evaluation returns error.\n * Alerting: Make Unified Alerting enabled by default for those who do\n not use legacy alerting.\n * Alerting: Support mute timings configuration through the api for the\n embedded alert manager.\n * CloudWatch: Add missing AWS/Events metrics.\n * Docs: Add easier to find deprecation notices to certain data sources\n and to the changelog.\n * Plugins Catalog: Enable install controls based on the\n pluginAdminEnabled flag.\n * Table: Add space between values for the DefaultCell and JSONViewCell.\n * Tracing: Make query editors available in dashboard for Tempo and\n Zipkin.\n * AccessControl: Renamed orgs roles, removed fixed:orgs:reader\n introduced in beta1.\n * Azure Monitor: Add trap focus for modals in grafana/ui and\n other small a11y fixes for Azure Monitor.\n * CodeEditor: Prevent suggestions from being clipped.\n * Dashboard: Fix cache timeout persistence.\n * Datasource: Fix stable sort order of query responses.\n * Explore: Fix error in query history when removing last item.\n * Logs: Fix requesting of older logs when flipped order.\n * Prometheus: Fix running of health check query based on access mode.\n * TextPanel: Fix suggestions for existing panels.\n * Tracing: Fix incorrect indentations due to reoccurring spanIDs.\n * Tracing: Show start time of trace with milliseconds precision.\n * Variables: Make renamed or missing variable section expandable.\n * Select: Select menus now properly scroll during keyboard navigation.\n - Update to version 8.3.0-beta1\n * Alerting: Add UI for contact point testing with custom annotations\n and labels.\n * Alerting: Make alert state indicator in panel header work with\n Grafana 8 alerts.\n * Alerting: Option for Discord notifier to use webhook name.\n * Annotations: Deprecate AnnotationsSrv.\n * Auth: Omit all base64 paddings in JWT tokens for the JWT auth.\n * Azure Monitor: Clean up fields when editing Metrics.\n * AzureMonitor: Add new starter dashboards.\n * AzureMonitor: Add starter dashboard for app monitoring with\n Application Insights.\n * Barchart/Time series: Allow x axis label.\n * CLI: Improve error handling for installing plugins.\n * CloudMonitoring: Migrate to use backend plugin SDK contracts.\n * CloudWatch Logs: Add retry strategy for hitting max concurrent\n queries.\n * CloudWatch: Add AWS RoboMaker metrics and dimension.\n * CloudWatch: Add AWS Transfer metrics and dimension.\n * Dashboard: replace datasource name with a reference object.\n * Dashboards: Show logs on time series when hovering.\n * Elasticsearch: Add support for Elasticsearch 8.0 (Beta).\n * Elasticsearch: Add time zone setting to Date Histogram aggregation.\n * Elasticsearch: Enable full range log volume histogram.\n * Elasticsearch: Full range logs volume.\n * Explore: Allow changing the graph type.\n * Explore: Show ANSI colors when highlighting matched words in the\n logs panel.\n * Graph(old) panel: Listen to events from Time series panel.\n * Import: Load gcom dashboards from URL.\n * LibraryPanels: Improves export and import of library panels between\n orgs.\n * OAuth: Support PKCE.\n * Panel edit: Overrides now highlight correctly when searching.\n * PanelEdit: Display drag indicators on draggable sections.\n * Plugins: Refactor Plugin Management.\n * Prometheus: Add custom query parameters when creating PromLink url.\n * Prometheus: Remove limits on metrics, labels, and values in Metrics\n Browser.\n * StateTimeline: Share cursor with rest of the panels.\n * Tempo: Add error details when json upload fails.\n * Tempo: Add filtering for service graph query.\n * Tempo: Add links to nodes in Service Graph pointing to Prometheus\n metrics.\n * Time series/Bar chart panel: Add ability to sort series via legend.\n * TimeSeries: Allow multiple axes for the same unit.\n * TraceView: Allow span links defined on dataFrame.\n * Transformations: Support a rows mode in labels to fields.\n * ValueMappings: Don't apply field config defaults to time fields.\n * Variables: Only update panels that are impacted by variable change.\n * API: Fix dashboard quota limit for imports.\n * Alerting: Fix rule editor issues with Azure Monitor data source.\n * Azure monitor: Make sure alert rule editor is not enabled when\n template variables are being used.\n * CloudMonitoring: Fix annotation queries.\n * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.\n * Dashboard: Remove the current panel from the list of options in the\n Dashboard datasource.\n * Encryption: Fix decrypting secrets in alerting migration.\n * InfluxDB: Fix corner case where index is too large in ALIAS\n * NavBar: Order App plugins alphabetically.\n * NodeGraph: Fix zooming sensitivity on touchpads.\n * Plugins: Add OAuth pass-through logic to api/ds/query endpoint.\n * Snapshots: Fix panel inspector for snapshot data.\n * Tempo: Fix basic auth password reset on adding tag.\n * ValueMapping: Fixes issue with regex mappings.\n * grafana/ui: Enable slider marks display.\n - Update to version 8.2.7\n - Update to version 8.2.6\n * Security: Upgrade Docker base image to Alpine 3.14.3.\n * Security: Upgrade Go to 1.17.2.\n * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated\n series.\n - Update to version 8.2.5\n * Fix No Data behaviour in Legacy Alerting.\n * Alerting: Fix a bug where the metric in the evaluation string was\n not correctly populated.\n * Alerting: Fix no data behaviour in Legacy Alerting for alert rules\n using the AND operator.\n * CloudMonitoring: Ignore min and max aggregation in MQL queries.\n * Dashboards: 'Copy' is no longer added to new dashboard titles.\n * DataProxy: Fix overriding response body when response is a WebSocket\n upgrade.\n * Elasticsearch: Use field configured in query editor as field for\n date_histogram aggregations.\n * Explore: Fix running queries without a datasource property set.\n * InfluxDB: Fix numeric aliases in queries.\n * Plugins: Ensure consistent plugin settings list response.\n * Tempo: Fix validation of float durations.\n * Tracing: Correct tags for each span are shown.\n - Update to version 8.2.4\n + Security: Fixes CVE-2021-41244.\n - Update to version 8.2.3\n + Security: Fixes CVE-2021-41174.\n - Update to version 8.2.2\n * Annotations: We have improved tag search performance.\n * Application: You can now configure an error-template title.\n * AzureMonitor: We removed a restriction from the resource filter\n query.\n * Packaging: We removed the ProcSubset option in systemd. This\n option prevented Grafana from starting in LXC environments.\n * Prometheus: We removed the autocomplete limit for metrics.\n * Table: We improved the styling of the type icons to make them more\n distinct from column / field name.\n * ValueMappings: You can now use value mapping in stat, gauge, bar\n gauge, and pie chart visualizations.\n * Alerting: Fix panic when Slack's API sends unexpected response.\n * Alerting: The Create Alert button now appears on the dashboard panel\n when you are working with a default datasource.\n * Explore: We fixed the problem where the Explore log panel disappears\n when an Elasticsearch logs query returns no results.\n * Graph: You can now see annotation descriptions on hover.\n * Logs: The system now uses the JSON parser only if the line is parsed\n to an object.\n * Prometheus: We fixed the issue where the system did not reuse TCP\n connections when querying from Grafana alerting.\n * Prometheus: We fixed the problem that resulted in an error when a\n user created a query with a $__interval min step.\n * RowsToFields: We fixed the issue where the system was not properly\n interpreting number values.\n * Scale: We fixed how the system handles NaN percent when data min =\n data max.\n * Table panel: You can now create a filter that includes special\n characters.\n - Update to version 8.2.1\n * Dashboard: Fix rendering of repeating panels.\n * Datasources: Fix deletion of data source if plugin is not found.\n * Packaging: Remove systemcallfilters sections from systemd unit files.\n * Prometheus: Add Headers to HTTP client options.\n - Update to version 8.2.0\n * AWS: Updated AWS authentication documentation.\n * Alerting: Added support Alertmanager data source for upstream\n Prometheus AM implementation.\n * Alerting: Allows more characters in label names so notifications are\n sent.\n * Alerting: Get alert rules for a dashboard or a panel using\n /api/v1/rules endpoints.\n * Annotations: Improved rendering performance of event markers.\n * CloudWatch Logs: Skip caching for log queries.\n * Explore: Added an opt-in configuration for Node Graph in Jaeger,\n Zipkin, and Tempo.\n * Packaging: Add stricter systemd unit options.\n * Prometheus: Metrics browser can now handle label values with\n * CodeEditor: Ensure that we trigger the latest onSave callback\n provided to the component.\n * DashboardList/AlertList: Fix for missing All folder value.\n * Plugins: Create a mock icon component to prevent console errors.\n - Update to version 8.2.0-beta2\n * AccessControl: Document new permissions restricting data source\n access.\n * TimePicker: Add fiscal years and search to time picker.\n * Alerting: Added support for Unified Alerting with Grafana HA.\n * Alerting: Added support for tune rule evaluation using configuration\n options.\n * Alerting: Cleanups alertmanager namespace from key-value store when\n disabling Grafana 8 alerts.\n * Alerting: Remove ngalert feature toggle and introduce two new\n settings for enabling Grafana 8 alerts and disabling them for\n specific organisations.\n * CloudWatch: Introduced new math expression where it is necessary to\n specify the period field.\n * InfluxDB: Added support for $__interval and $__interval_ms in Flux\n queries for alerting.\n * InfluxDB: Flux queries can use more precise start and end timestamps\n with nanosecond-precision.\n * Plugins Catalog: Make the catalog the default way to interact with\n plugins.\n * Prometheus: Removed autocomplete limit for metrics.\n * Alerting: Fixed an issue where the edit page crashes if you tried to\n preview an alert without a condition set.\n * Alerting: Fixed rules migration to keep existing Grafana 8 alert\n rules.\n * Alerting: Fixed the silence file content generated during\n * Analytics: Fixed an issue related to interaction event propagation\n in Azure Application Insights.\n * BarGauge: Fixed an issue where the cell color was lit even though\n there was no data.\n * BarGauge: Improved handling of streaming data.\n * CloudMonitoring: Fixed INT64 label unmarshal error.\n * ConfirmModal: Fixes confirm button focus on modal open.\n * Dashboard: Add option to generate short URL for variables with\n values containing spaces.\n * Explore: No longer hides errors containing refId property.\n * Fixed an issue that produced State timeline panel tooltip error when\n data was not in sync.\n * InfluxDB: InfluxQL query editor is set to always use resultFormat.\n * Loki: Fixed creating context query for logs with parsed labels.\n * PageToolbar: Fixed alignment of titles.\n * Plugins Catalog: Update to the list of available panels after an\n install, update or uninstall.\n * TimeSeries: Fixed an issue where the shared cursor was not showing\n when hovering over in old Graph panel.\n * Variables: Fixed issues related to change of focus or refresh pages\n when pressing enter in a text box variable input.\n * Variables: Panel no longer crash when using the adhoc variable in\n data links.\n - Update to version 8.2.0-beta1\n * AccessControl: Introduce new permissions to restrict access for\n reloading provisioning configuration.\n * Alerting: Add UI to edit Cortex/Loki namespace, group names, and\n group evaluation interval.\n * Alerting: Add a Test button to test contact point.\n * Alerting: Allow creating/editing recording rules for Loki and Cortex.\n * Alerting: Metrics should have the label org instead of user.\n * Alerting: Sort notification channels by name to make them easier to\n locate.\n * Alerting: Support org level isolation of notification\n * AzureMonitor: Add data links to deep link to Azure Portal Azure\n Resource Graph.\n * AzureMonitor: Add support for annotations from Azure Monitor Metrics\n and Azure Resource Graph services.\n * AzureMonitor: Show error message when subscriptions request fails in\n ConfigEditor.\n * Chore: Update to Golang 1.16.7.\n * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.\n * CloudWatch Logs: Disable query path using websockets (Live) feature.\n * CloudWatch/Logs: Don't group dataframes for non time series\n * Cloudwatch: Migrate queries that use multiple stats to one query per\n stat.\n * Dashboard: Keep live timeseries moving left (v2).\n * Datasources: Introduce response_limit for datasource responses.\n * Explore: Add filter by trace or span ID to trace to logs\n * Explore: Download traces as JSON in Explore Inspector.\n * Explore: Reuse Dashboard's QueryRows component.\n * Explore: Support custom display label for derived fields buttons for\n Loki datasource.\n * Grafana UI: Update monaco-related dependencies.\n * Graphite: Deprecate browser access mode.\n * InfluxDB: Improve handling of intervals in alerting.\n * InfluxDB: InfluxQL query editor: Handle unusual characters in tag\n values better.\n * Jaeger: Add ability to upload JSON file for trace data.\n * LibraryElements: Enable specifying UID for new and existing library\n elements.\n * LibraryPanels: Remove library panel icon from the panel header so\n you can no longer tell that a panel is a library panel from the\n dashboard view.\n * Logs panel: Scroll to the bottom on page refresh when sorting in\n ascending order.\n * Loki: Add fuzzy search to label browser.\n * Navigation: Implement active state for items in the Sidemenu.\n * Packaging: Update PID file location from /var/run to /run.\n * Plugins: Add Hide OAuth Forward config option.\n * Postgres/MySQL/MSSQL: Add setting to limit the maximum number\n of rows processed.\n * Prometheus: Add browser access mode deprecation warning.\n * Prometheus: Add interpolation for built-in-time variables to backend.\n * Tempo: Add ability to upload trace data in JSON format.\n * TimeSeries/XYChart: Allow grid lines visibility control in XYChart\n and TimeSeries panels.\n * Transformations: Convert field types to time string number or\n boolean.\n * Value mappings: Add regular-expression based value mapping.\n * Zipkin: Add ability to upload trace JSON.\n * Admin: Prevent user from deleting user's current/active\n organization.\n * LibraryPanels: Fix library panel getting saved in the dashboard's\n folder.\n * OAuth: Make generic teams URL and JMES path configurable.\n * QueryEditor: Fix broken copy-paste for mouse middle-click\n * Thresholds: Fix undefined color in \"Add threshold\".\n * Timeseries: Add wide-to-long, and fix multi-frame output.\n * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set\n to All.\n * Grafana UI: Fix TS error property css is missing in type.\n - Update to version 8.1.8\n - Update to version 8.1.7\n * Alerting: Fix alerts with evaluation interval more than 30 seconds\n resolving before notification.\n * Elasticsearch/Prometheus: Fix usage of proper SigV4 service\n namespace.\n - Update to version 8.1.6\n + Security: Fixes CVE-2021-39226.\n - Update to version 8.1.5\n * BarChart: Fixes panel error that happens on second refresh.\n - Update to version 8.1.4\n + Features and enhancements\n * Explore: Ensure logs volume bar colors match legend colors.\n * LDAP: Search all DNs for users.\n * Alerting: Fix notification channel migration.\n * Annotations: Fix blank panels for queries with unknown data sources.\n * BarChart: Fix stale values and x axis labels.\n * Graph: Make old graph panel thresholds work even if ngalert is\n enabled.\n * InfluxDB: Fix regex to identify / as separator.\n * LibraryPanels: Fix update issues related to library panels in rows.\n * Variables: Fix variables not updating inside a Panel when the\n preceding Row uses \"Repeat For\".\n - Update to version 8.1.3\n + Bug fixes\n * Alerting: Fix alert flapping in the internal alertmanager.\n * Alerting: Fix request handler failed to convert dataframe \"results\"\n to plugins.DataTimeSeriesSlice: input frame is not recognized as a\n time series.\n * Dashboard: Fix UIDs are not preserved when importing/creating\n dashboards thru importing .json file.\n * Dashboard: Forces panel re-render when exiting panel edit.\n * Dashboard: Prevent folder from changing when navigating to general\n settings.\n * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix\n CVE-2021-3711.\n * Elasticsearch: Fix metric names for alert queries.\n * Elasticsearch: Limit Histogram field parameter to numeric values.\n * Elasticsearch: Prevent pipeline aggregations to show up in terms\n order by options.\n * LibraryPanels: Prevent duplicate repeated panels from being created.\n * Loki: Fix ad-hoc filter in dashboard when used with parser.\n * Plugins: Track signed files + add warn log for plugin assets which\n are not signed.\n * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.\n * Prometheus: Fix validate selector in metrics browser.\n * Security: Fix stylesheet injection vulnerability.\n * Security: Fix short URL vulnerability.\n - Update to version 8.1.2\n * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.\n * Datasource: Change HTTP status code for failed datasource health\n check to 400.\n * Explore: Add span duration to left panel in trace viewer.\n * Plugins: Use file extension allowlist when serving plugin assets\n instead of checking for UNIX executable.\n * Profiling: Add support for binding pprof server to custom network\n interfaces.\n * Search: Make search icon keyboard navigable.\n * Template variables: Keyboard navigation improvements.\n * Tooltip: Display ms within minute time range.\n * Alerting: Fix saving LINE contact point.\n * Annotations: Fix alerting annotation coloring.\n * Annotations: Alert annotations are now visible in the correct Panel.\n * Auth: Hide SigV4 config UI and disable middleware when its config\n flag is disabled.\n * Dashboard: Prevent incorrect panel layout by comparing window width\n against theme breakpoints.\n * Explore: Fix showing of full log context.\n * PanelEdit: Fix 'Actual' size by passing the correct panel size to\n Dashboard.\n * Plugins: Fix TLS datasource settings.\n * Variables: Fix issue with empty drop downs on navigation.\n * Variables: Fix URL util converting false into true.\n * Toolkit: Fix matchMedia not found error.\n - Update to version 8.1.1\n * CloudWatch Logs: Fix crash when no region is selected.\n - Update to version 8.1.0\n * Alerting: Deduplicate receivers during migration.\n * ColorPicker: Display colors as RGBA.\n * Select: Make portalling the menu opt-in, but opt-in everywhere.\n * TimeRangePicker: Improve accessibility.\n * Annotations: Correct annotations that are displayed upon page\n refresh.\n * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.\n * Annotations: Fix data source template variable that was not\n available for annotations.\n * AzureMonitor: Fix annotations query editor that does not load.\n * Geomap: Fix scale calculations.\n * GraphNG: Fix y-axis autosizing.\n * Live: Display stream rate and fix duplicate channels in list\n * Loki: Update labels in log browser when time range changes in\n dashboard.\n * NGAlert: Send resolve signal to alertmanager on alerting -> Normal.\n * PasswordField: Prevent a password from being displayed when you\n click the Enter button.\n * Renderer: Remove debug.log file when Grafana is stopped.\n * Security: Update dependencies to fix CVE-2021-36222.\n - Update to version 8.1.0-beta3\n * Alerting: Support label matcher syntax in alert rule list filter.\n * IconButton: Put tooltip text as aria-label.\n * Live: Experimental HA with Redis.\n * UI: FileDropzone component.\n * CloudWatch: Add AWS LookoutMetrics.\n * Docker: Fix builds by delaying go mod verify until all required\n files are copied over.\n * Exemplars: Fix disable exemplars only on the query that failed.\n * SQL: Fix SQL dataframe resampling (fill mode + time intervals).\n - Update to version 8.1.0-beta2\n * Alerting: Expand the value string in alert annotations and\n * Auth: Add Azure HTTP authentication middleware.\n * Auth: Auth: Pass user role when using the authentication proxy.\n * Gazetteer: Update countries.json file to allow for linking to\n 3-letter country codes.\n * Config: Fix Docker builds by correcting formatting in sample.ini.\n * Explore: Fix encoding of internal URLs.\n - Update to version 8.1.0-beta1\n * Alerting: Add Alertmanager notifications tab.\n * Alerting: Add button to deactivate current Alertmanager\n * Alerting: Add toggle in Loki/Prometheus data source configuration to\n opt out of alerting UI.\n * Alerting: Allow any \"evaluate for\" value >=0 in the alert rule form.\n * Alerting: Load default configuration from status endpoint, if Cortex\n Alertmanager returns empty user configuration.\n * Alerting: view to display alert rule and its underlying data.\n * Annotation panel: Release the annotation panel.\n * Annotations: Add typeahead support for tags in built-in annotations.\n * AzureMonitor: Add curated dashboards for Azure services.\n * AzureMonitor: Add support for deep links to Microsoft Azure portal\n for Metrics.\n * AzureMonitor: Remove support for different credentials for Azure\n Monitor Logs.\n * AzureMonitor: Support querying any Resource for Logs queries.\n * Elasticsearch: Add frozen indices search support.\n * Elasticsearch: Name fields after template variables values instead\n of their name.\n * Elasticsearch: add rate aggregation.\n * Email: Allow configuration of content types for email notifications.\n * Explore: Add more meta information when line limit is hit.\n * Explore: UI improvements to trace view.\n * FieldOverrides: Added support to change display name in an\n override field and have it be matched by a later rule.\n * HTTP Client: Introduce dataproxy_max_idle_connections config\n variable.\n * InfluxDB: InfluxQL: adds tags to timeseries data.\n * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy\n Alerting: Replace simplejson with a struct in webhook notification\n channel.\n * Legend: Updates display name for Last (not null) to just Last*.\n * Logs panel: Add option to show common labels.\n * Loki: Add $__range variable.\n * Loki: Add support for \"label_values(log stream selector, label)\" in\n templating.\n * Loki: Add support for ad-hoc filtering in dashboard.\n * MySQL Datasource: Add timezone parameter.\n * NodeGraph: Show gradient fields in legend.\n * PanelOptions: Don't mutate panel options/field config object when\n updating.\n * PieChart: Make pie gradient more subtle to match other charts.\n * Prometheus: Update PromQL typeahead and highlighting.\n * Prometheus: interpolate variable for step field.\n * Provisioning: Improve validation by validating across all dashboard\n providers.\n * SQL Datasources: Allow multiple string/labels columns with time\n series.\n * Select: Portal select menu to document.body.\n * Team Sync: Add group mapping to support team sync in the Generic\n OAuth provider.\n * Tooltip: Make active series more noticeable.\n * Tracing: Add support to configure trace to logs start and end time.\n * Transformations: Skip merge when there is only a single data frame.\n * ValueMapping: Added support for mapping text to color, boolean\n values, NaN and Null. Improved UI for value mapping.\n * Visualizations: Dynamically set any config (min, max, unit, color,\n thresholds) from query results.\n * live: Add support to handle origin without a value for the port when\n matching with root_url.\n * Alerting: Handle marshaling Inf values.\n * AzureMonitor: Fix macro resolution for template variables.\n * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes\n resources.\n * AzureMonitor: Request and concat subsequent resource pages.\n * Bug: Fix parse duration for day.\n * Datasources: Improve error handling for error messages.\n * Explore: Correct the functionality of shift-enter shortcut across\n all uses.\n * Explore: Show all dataFrames in data tab in Inspector.\n * GraphNG: Fix Tooltip mode 'All' for XYChart.\n * Loki: Fix highlight of logs when using filter expressions with\n backticks.\n * Modal: Force modal content to overflow with scroll.\n * Plugins: Ignore symlinked folders when verifying plugin signature.\n * Toolkit: Improve error messages when tasks fail.\n - Update to version 8.0.7\n - Update to version 8.0.6\n * Alerting: Add annotation upon alert state change.\n * Alerting: Allow space in label and annotation names.\n * InfluxDB: Improve legend labels for InfluxDB query results.\n * Alerting: Fix improper alert by changing the handling of empty\n labels.\n * CloudWatch/Logs: Reestablish Cloud Watch alert behavior.\n * Dashboard: Avoid migration breaking on fieldConfig without defaults\n field in folded panel.\n * DashboardList: Fix issue not re-fetching dashboard list after\n variable change.\n * Database: Fix incorrect format of isolation level configuration\n parameter for MySQL.\n * InfluxDB: Correct tag filtering on InfluxDB data.\n * Links: Fix links that caused a full page reload.\n * Live: Fix HTTP error when InfluxDB metrics have an incomplete\n or asymmetrical field set.\n * Postgres/MySQL/MSSQL: Change time field to \"Time\" for time series\n queries.\n * Postgres: Fix the handling of a null return value in query\n * Tempo: Show hex strings instead of uints for IDs.\n * TimeSeries: Improve tooltip positioning when tooltip\n overflows.\n * Transformations: Add 'prepare time series' transformer.\n - Update to version 8.0.5\n * Cloudwatch Logs: Send error down to client.\n * Folders: Return 409 Conflict status when folder already exists.\n * TimeSeries: Do not show series in tooltip if it's hidden in the viz.\n * AzureMonitor: Fix issue where resource group name is missing\n on the resource picker button.\n * Chore: Fix AWS auth assuming role with workspace IAM.\n * DashboardQueryRunner: Fixes unrestrained subscriptions being\n * DateFormats: Fix reading correct setting key for use_browser_locale.\n * Links: Fix links to other apps outside Grafana when under sub path.\n * Snapshots: Fix snapshot absolute time range issue.\n * Table: Fix data link color.\n * Time Series: Fix X-axis time format when tick increment is larger\n than a year.\n * Tooltip Plugin: Prevent tooltip render if field is undefined.\n - Update to version 8.0.4\n * Live: Rely on app url for origin check.\n * PieChart: Sort legend descending, update placeholder.\n * TimeSeries panel: Do not reinitialize plot when thresholds mode\n change.\n * Elasticsearch: Allow case sensitive custom options in date_histogram\n interval.\n * Elasticsearch: Restore previous field naming strategy when using\n variables.\n * Explore: Fix import of queries between SQL data sources.\n * InfluxDB: InfluxQL query editor: fix retention policy handling.\n * Loki: Send correct time range in template variable queries.\n * TimeSeries: Preserve RegExp series overrides when migrating from old\n graph panel.\n - Update to version 8.0.3\n * Alerting: Increase alertmanager_conf column if MySQL.\n * Time series/Bar chart panel: Handle infinite numbers as nulls when\n converting to plot array.\n * TimeSeries: Ensure series overrides that contain color are migrated,\n and migrate the previous fieldConfig when changing the panel type.\n * ValueMappings: Improve singlestat value mappings migration.\n * Annotations: Fix annotation line and marker colors.\n * AzureMonitor: Fix KQL template variable queries without default\n workspace.\n * CloudWatch/Logs: Fix missing response data for log queries.\n * LibraryPanels: Fix crash in library panels list when panel plugin is\n not found.\n * LogsPanel: Fix performance drop when moving logs panel in\n * Loki: Parse log levels when ANSI coloring is enabled.\n * MSSQL: Fix issue with hidden queries still being executed.\n * PanelEdit: Display the VisualizationPicker that was not displayed if\n a panel has an unknown panel plugin.\n * Plugins: Fix loading symbolically linked plugins.\n * Prometheus: Fix issue where legend name was replaced with name Value\n in stat and gauge panels.\n * State Timeline: Fix crash when hovering over panel.\n - Update to version 8.0.2\n * Datasource: Add support for max_conns_per_host in dataproxy settings.\n * Configuration: Fix changing org preferences in FireFox.\n * PieChart: Fix legend dimension limits.\n * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.\n * Variables: Hide default data source if missing from regex.\n - Update to version 8.0.1\n * Alerting/SSE: Fix \"count_non_null\" reducer validation.\n * Cloudwatch: Fix duplicated time series.\n * Cloudwatch: Fix missing defaultRegion.\n * Dashboard: Fix Dashboard init failed error on dashboards with\n old singlestat panels in collapsed rows.\n * Datasource: Fix storing timeout option as numeric.\n * Postgres/MySQL/MSSQL: Fix annotation parsing for empty\n * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned\n from query variables.\n * Postgres: Fix an error that was thrown when the annotation query did\n not return any results.\n * StatPanel: Fix an issue with the appearance of the graph when\n switching color mode.\n * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart\n panels where all values mode were showing the same name if they had\n the same value.\n * Toolkit: Resolve external fonts when Grafana is served from a sub\n path.\n - Update to version 8.0.0\n * The following endpoints were deprecated for Grafana v5.0 and support\n for them has now been removed: GET /dashboards/db/:slug GET\n /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE\n /api/dashboards/db/:slug\n * AzureMonitor: Require default subscription for workspaces() template\n variable query.\n * AzureMonitor: Use resource type display names in the UI.\n * Dashboard: Remove support for loading and deleting dashboard by slug.\n * InfluxDB: Deprecate direct browser access in data source.\n * VizLegend: Add a read-only property.\n * AzureMonitor: Fix Azure Resource Graph queries in Azure China.\n * Checkbox: Fix vertical layout issue with checkboxes due to fixed\n height.\n * Dashboard: Fix Table view when editing causes the panel data to not\n update.\n * Dashboard: Fix issues where unsaved-changes warning is not displayed.\n * Login: Fixes Unauthorized message showing when on login page\n or snapshot page.\n * NodeGraph: Fix sorting markers in grid view.\n * Short URL: Include orgId in generated short URLs.\n * Variables: Support raw values of boolean type.\n - Update to version 8.0.0-beta3\n * The default HTTP method for Prometheus data source is now POST.\n * API: Support folder UID in dashboards API.\n * Alerting: Add support for configuring avatar URL for the Discord\n notifier.\n * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs.\n * Azure: Expose Azure settings to external plugins.\n * AzureMonitor: Deprecate using separate credentials for Azure Monitor\n Logs.\n * AzureMonitor: Display variables in resource picker for Azure\n * AzureMonitor: Hide application insights for data sources not using\n it.\n * AzureMonitor: Support querying subscriptions and resource groups in\n Azure Monitor Logs.\n * AzureMonitor: remove requirement for default subscription.\n * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics.\n * CloudWatch: Add missing AWS AppSync metrics.\n * ConfirmModal: Auto focus delete button.\n * Explore: Add caching for queries that are run from logs\n * Loki: Add formatting for annotations.\n * Loki: Bring back processed bytes as meta information.\n * NodeGraph: Display node graph collapsed by default with trace view.\n * Overrides: Include a manual override option to hide something from\n visualization.\n * PieChart: Support row data in pie charts.\n * Prometheus: Update default HTTP method to POST for existing data\n sources.\n * Time series panel: Position tooltip correctly when window is\n scrolled or resized.\n * Admin: Fix infinite loading edit on the profile page.\n * Color: Fix issues with random colors in string and date\n * Dashboard: Fix issue with title or folder change has no effect after\n exiting settings view.\n * DataLinks: Fix an issue __series.name is not working in data link.\n * Datasource: Fix dataproxy timeout should always be applied for\n outgoing data source HTTP requests.\n * Elasticsearch: Fix NewClient not passing httpClientProvider to\n client impl.\n * Explore: Fix Browser title not updated on Navigation to Explore.\n * GraphNG: Remove fieldName and hideInLegend properties from\n UPlotSeriesBuilder.\n * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD\n OAuth when no role claims exists.\n * PanelChrome: Fix issue with empty panel after adding a non data\n panel and coming back from panel edit.\n * StatPanel: Fix data link tooltip not showing for single value.\n * Table: Fix sorting for number fields.\n * Table: Have text underline for datalink, and add support for image\n datalink.\n * Transformations: Prevent FilterByValue transform from crashing panel\n edit.\n - Update to version 8.0.0-beta2\n * AppPlugins: Expose react-router to apps.\n * AzureMonitor: Add Azure Resource Graph.\n * AzureMonitor: Managed Identity configuration UI.\n * AzureMonitor: Token provider with support for Managed Identities.\n * AzureMonitor: Update Logs workspace() template variable query to\n return resource URIs.\n * BarChart: Value label sizing.\n * CloudMonitoring: Add support for preprocessing.\n * CloudWatch: Add AWS/EFS StorageBytes metric.\n * CloudWatch: Allow use of missing AWS namespaces using custom\n * Datasource: Shared HTTP client provider for core backend data\n sources and any data source using the data source proxy.\n * InfluxDB: InfluxQL: allow empty tag values in the query editor.\n * Instrumentation: Instrument incoming HTTP request with histograms by\n default.\n * Library Panels: Add name endpoint & unique name validation to\n AddLibraryPanelModal.\n * Logs panel: Support details view.\n * PieChart: Always show the calculation options dropdown in the\n * PieChart: Remove beta flag.\n * Plugins: Enforce signing for all plugins.\n * Plugins: Remove support for deprecated backend plugin protocol\n version.\n * Tempo/Jaeger: Add better display name to legend.\n * Timeline: Add time range zoom.\n * Timeline: Adds opacity & line width option.\n * Timeline: Value text alignment option.\n * ValueMappings: Add duplicate action, and disable dismiss on backdrop\n click.\n * Zipkin: Add node graph view to trace response.\n * Annotations panel: Remove subpath from dashboard links.\n * Content Security Policy: Allow all image sources by default.\n * Content Security Policy: Relax default template wrt. loading\n of scripts, due to nonces not working.\n * Datasource: Fix tracing propagation for alert execution by\n introducing HTTP client outgoing tracing middleware.\n * InfluxDB: InfluxQL always apply time interval end.\n * Library Panels: Fixes \"error while loading library panels\".\n * NewsPanel: Fixes rendering issue in Safari.\n * PanelChrome: Fix queries being issued again when scrolling in and\n out of view.\n * Plugins: Fix Azure token provider cache panic and auth param nil\n value.\n * Snapshots: Fix key and deleteKey being ignored when creating an\n external snapshot.\n * Table: Fix issue with cell border not showing with colored\n background cells.\n * Table: Makes tooltip scrollable for long JSON values.\n * TimeSeries: Fix for Connected null values threshold toggle during\n panel editing.\n * Variables: Fixes inconsistent selected states on dashboard\n * Variables: Refreshes all panels even if panel is full screen.\n * QueryField: Remove carriage return character from pasted text.\n - Update to version 8.0.0-beta1\n + License update:\n * AGPL License: Update license from Apache 2.0 to the GNU Affero\n General Public License (AGPL).\n * Removes the never refresh option for Query variables.\n * Removes the experimental Tags feature for Variables.\n + Deprecations:\n * The InfoBox & FeatureInfoBox are now deprecated please use the Alert\n component instead with severity info.\n * API: Add org users with pagination.\n * API: Return 404 when deleting nonexistent API key.\n * API: Return query results as JSON rather than base64 encoded Arrow.\n * Alerting: Allow sending notification tags to Opsgenie as extra\n properties.\n * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert.\n * Auth: Add support for JWT Authentication.\n * AzureMonitor: Add support for Microsoft.SignalRService/SignalR\n metrics.\n * AzureMonitor: Azure settings in Grafana server config.\n * AzureMonitor: Migrate Metrics query editor to React.\n * BarChart panel: enable series toggling via legend.\n * BarChart panel: Adds support for Tooltip in BarChartPanel.\n * PieChart panel: Change look of highlighted pie slices.\n * CloudMonitoring: Migrate config editor from angular to react.\n * CloudWatch: Add Amplify Console metrics and dimensions.\n * CloudWatch: Add missing Redshift metrics to CloudWatch data\n * CloudWatch: Add metrics for managed RabbitMQ service.\n * DashboardList: Enable templating on search tag input.\n * Datasource config: correctly remove single custom http header.\n * Elasticsearch: Add generic support for template variables.\n * Elasticsearch: Allow omitting field when metric supports inline\n script.\n * Elasticsearch: Allow setting a custom limit for log queries.\n * Elasticsearch: Guess field type from first non-empty value.\n * Elasticsearch: Use application/x-ndjson content type for multisearch\n requests.\n * Elasticsearch: Use semver strings to identify ES version.\n * Explore: Add logs navigation to request more logs.\n * Explore: Map Graphite queries to Loki.\n * Explore: Scroll split panes in Explore independently.\n * Explore: Wrap each panel in separate error boundary.\n * FieldDisplay: Smarter naming of stat values when visualising row\n values (all values) in stat panels.\n * Graphite: Expand metric names for variables.\n * Graphite: Handle unknown Graphite functions without breaking the\n visual editor.\n * Graphite: Show graphite functions descriptions.\n * Graphite: Support request cancellation properly (Uses new\n backendSrv.fetch Observable request API).\n * InfluxDB: Flux: Improve handling of complex response-structures.\n * InfluxDB: Support region annotations.\n * Inspector: Download logs for manual processing.\n * Jaeger: Add node graph view for trace.\n * Jaeger: Search traces.\n * Loki: Use data source settings for alerting queries.\n * NodeGraph: Exploration mode.\n * OAuth: Add support for empty scopes.\n * PanelChrome: New logic-less emotion based component with no\n dependency on PanelModel or DashboardModel.\n * PanelEdit: Adds a table view toggle to quickly view data in table\n form.\n * PanelEdit: Highlight matched words when searching options.\n * PanelEdit: UX improvements.\n * Plugins: PanelRenderer and simplified QueryRunner to be used from\n plugins.\n * Plugins: AuthType in route configuration and params interpolation.\n * Plugins: Enable plugin runtime install/uninstall capabilities.\n * Plugins: Support set body content in plugin routes.\n * Plugins: Introduce marketplace app.\n * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be\n reused in plugins.\n * Prometheus: Add custom query params for alert and exemplars\n * Prometheus: Use fuzzy string matching to autocomplete metric names\n and label.\n * Routing: Replace Angular routing with react-router.\n * Slack: Use chat.postMessage API by default.\n * Tempo: Search for Traces by querying Loki directly from Tempo.\n * Tempo: Show graph view of the trace.\n * Themes: Switch theme without reload using global shortcut.\n * TimeSeries panel: Add support for shared cursor.\n * TimeSeries panel: Do not crash the panel if there is no time series\n data in the response.\n * Variables: Do not save repeated panels, rows and scopedVars.\n * Variables: Removes experimental Tags feature.\n * Variables: Removes the never refresh option.\n * Visualizations: Unify tooltip options across visualizations.\n * Visualizations: Refactor and unify option creation between new\n visualizations.\n * Visualizations: Remove singlestat panel.\n * APIKeys: Fixes issue with adding first api key.\n * Alerting: Add checks for non supported units - disable defaulting to\n seconds.\n * Alerting: Fix issue where Slack notifications won't link to user IDs.\n * Alerting: Omit empty message in PagerDuty notifier.\n * AzureMonitor: Fix migration error from older versions of App\n Insights queries.\n * CloudWatch: Fix AWS/Connect dimensions.\n * CloudWatch: Fix broken AWS/MediaTailor dimension name.\n * Dashboards: Allow string manipulation as advanced variable format\n option.\n * DataLinks: Includes harmless extended characters like Cyrillic\n characters.\n * Drawer: Fixes title overflowing its container.\n * Explore: Fix issue when some query errors were not shown.\n * Generic OAuth: Prevent adding duplicated users.\n * Graphite: Handle invalid annotations.\n * Graphite: Fix autocomplete when tags are not available.\n * InfluxDB: Fix Cannot read property 'length' of undefined in when\n parsing response.\n * Instrumentation: Enable tracing when Jaeger host and port are\n * Instrumentation: Prefix metrics with grafana.\n * MSSQL: By default let driver choose port.\n * OAuth: Add optional strict parsing of role_attribute_path.\n * Panel: Fixes description markdown with inline code being rendered on\n newlines and full width.\n * PanelChrome: Ignore data updates & errors for non data panels.\n * Permissions: Fix inherited folder permissions can prevent new\n permissions being added to a dashboard.\n * Plugins: Remove pre-existing plugin installs when installing with\n grafana-cli.\n * Plugins: Support installing to folders with whitespace and fix\n pluginUrl trailing and leading whitespace failures.\n * Postgres/MySQL/MSSQL: Don't return connection failure details to the\n client.\n * Postgres: Fix ms precision of interval in time group macro when\n TimescaleDB is enabled.\n * Provisioning: Use dashboard checksum field as change indicator.\n * SQL: Fix so that all captured errors are returned from sql engine.\n * Shortcuts: Fixes panel shortcuts so they always work.\n * Table: Fixes so border is visible for cells with links.\n * Variables: Clear query when data source type changes.\n * Variables: Filters out builtin variables from unknown list.\n * Button: Introduce buttonStyle prop.\n * DataQueryRequest: Remove deprecated props showingGraph and\n showingTabel and exploreMode.\n * grafana/ui: Update React Hook Form to v7.\n * IconButton: Introduce variant for red and blue icon buttons.\n * Plugins: Expose the getTimeZone function to be able to get the\n current selected timeZone.\n * TagsInput: Add className to TagsInput.\n * VizLegend: Move onSeriesColorChanged to PanelContext (breaking\n change).\n - Update to version 7.5.13\n * Alerting: Fix NoDataFound for alert rules using AND operator.\n\n mgr-cfg:\n\n - Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage for\n SLE15 (bsc#1197579)\n - Version 4.2.7-1\n * Fix installation problem for SLE15SP4 due missing python-selinux\n\n mgr-osad:\n\n - Version 4.2.8-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n mgr-push:\n\n - Version 4.2.5-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n mgr-virtualization:\n\n - Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n prometheus-postgres_exporter:\n\n - Version 0.10.0\n * Added hardening to systemd service(s) with changes to\n `prometheus-postgres_exporter.service` (bsc#1181400)\n * Package rename from golang-github-wrouesnel-postgres_exporter\n (jsc#SLE-23051)\n\n rhnlib:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n spacecmd:\n\n - Version 4.2.16-1\n * implement system.bootstrap (bsc#1194909)\n * Fix interactive mode for \"system_applyerrata\" and \"errata_apply\"\n (bsc#1194363)\n\n spacewalk-client-tools:\n\n - Version 4.2.18-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n - Version 4.2.17-1\n * Update translation strings\n\n spacewalk-koan:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n spacewalk-oscap:\n\n - Version 4.2.4-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n suseRegisterInfo:\n\n - Version 4.2.6-1\n * Fix the condition for preventing building python 2 subpackage for SLE15\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-1396=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-1396=1\n\n - SUSE Manager Tools 15:\n\n zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-1396=1\n\n - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:\n\n zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "suse", "title": "Security update for SUSE Manager Client Tools (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-3711", "CVE-2021-39226", "CVE-2021-41174", "CVE-2021-41244", "CVE-2021-43798", "CVE-2021-43813", "CVE-2021-43815", "CVE-2022-21673", "CVE-2022-21702", "CVE-2022-21703", "CVE-2022-21713"], "modified": "2022-04-25T00:00:00", "id": "SUSE-SU-2022:1396-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ESPDBLVWSZSR5FGSXSIJXGNV5FP6I3Z5/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-05-23T17:16:48", "description": "A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-19T15:50:13", "type": "redhatcve", "title": "CVE-2021-36222", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2023-04-06T08:49:59", "id": "RH:CVE-2021-36222", "href": "https://access.redhat.com/security/cve/cve-2021-36222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:35", "description": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-22T18:15:00", "type": "alpinelinux", "title": "CVE-2021-36222", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-11-28T23:19:00", "id": "ALPINE:CVE-2021-36222", "href": "https://security.alpinelinux.org/vuln/CVE-2021-36222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-05-24T10:10:05", "description": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-22T18:15:00", "type": "debiancve", "title": "CVE-2021-36222", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222"], "modified": "2021-07-22T18:15:00", "id": "DEBIANCVE:CVE-2021-36222", "href": "https://security-tracker.debian.org/tracker/CVE-2021-36222", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2023-05-23T16:23:20", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. (CVE-2021-36222, CVE-2021-37750) Update Instructions: Run `sudo pro fix USN-5959-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libk5crypto3 \u2013 1.16-2ubuntu0.4 krb5-kpropd \u2013 1.16-2ubuntu0.4 libkdb5-9 \u2013 1.16-2ubuntu0.4 krb5-user \u2013 1.16-2ubuntu0.4 libgssrpc4 \u2013 1.16-2ubuntu0.4 libkrb5support0 \u2013 1.16-2ubuntu0.4 krb5-doc \u2013 1.16-2ubuntu0.4 libkrb5-dev \u2013 1.16-2ubuntu0.4 krb5-pkinit \u2013 1.16-2ubuntu0.4 libkrb5-3 \u2013 1.16-2ubuntu0.4 krb5-kdc-ldap \u2013 1.16-2ubuntu0.4 krb5-otp \u2013 1.16-2ubuntu0.4 krb5-gss-samples \u2013 1.16-2ubuntu0.4 libkrad-dev \u2013 1.16-2ubuntu0.4 krb5-locales \u2013 1.16-2ubuntu0.4 libgssapi-krb5-2 \u2013 1.16-2ubuntu0.4 krb5-kdc \u2013 1.16-2ubuntu0.4 krb5-multidev \u2013 1.16-2ubuntu0.4 krb5-k5tls \u2013 1.16-2ubuntu0.4 libkrad0 \u2013 1.16-2ubuntu0.4 libkadm5srv-mit11 \u2013 1.16-2ubuntu0.4 libkadm5clnt-mit11 \u2013 1.16-2ubuntu0.4 krb5-admin-server \u2013 1.16-2ubuntu0.4 No subscription required\n\nCVEs contained in this USN include: CVE-2021-36222, CVE-2021-37750.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.188\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.357.0\n * CF Deployment \n * All versions prior to 27.4.0, or later versions with Bionic Stemcells prior to 1.188\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.188 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.357.0 or greater\n * CF Deployment \n * Upgrade all versions to 27.4.0 or greater and upgrade Bionic Stemcells to 1.188 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5959-1>)\n * [CVE-2021-36222](<https://ubuntu.com/security/CVE-2021-36222>)\n * [CVE-2021-37750](<https://ubuntu.com/security/CVE-2021-37750>)\n\n## History\n\n2023-04-29: Initial vulnerability report published.v\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-29T00:00:00", "type": "cloudfoundry", "title": "USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2023-04-29T00:00:00", "id": "CFOUNDRY:A9FC68450FD5C662826D59FF602CBEE5", "href": "https://www.cloudfoundry.org/blog/usn-5959-1-kerberos-vulnerabilities-severity/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-11-26T18:28:16", "description": "[1.18.2-8.3]\n- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)\n- Resolves: #1997600\n[1.18.2-8.2]\n- Rebuild for rpminspect; no code changes\n- Resolves: #1983728\n[1.18.2-8.1]\n- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)\n- Resolves: #1983728", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-23T00:00:00", "type": "oraclelinux", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-09-23T00:00:00", "id": "ELSA-2021-3576", "href": "http://linux.oracle.com/errata/ELSA-2021-3576.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2023-05-25T12:20:42", "description": "Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nSecurity Fix(es):\n\n* krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-21T07:09:33", "type": "redhat", "title": "(RHSA-2021:3576) Moderate: krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-09-21T07:51:09", "id": "RHSA-2021:3576", "href": "https://access.redhat.com/errata/RHSA-2021:3576", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.8 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-v2v-conversion-container-v2.6.8-1\nhyperconverged-cluster-webhook-container-v2.6.8-1\nvm-import-controller-container-v2.6.8-1\nkubevirt-cpu-model-nfd-plugin-container-v2.6.8-2\nvm-import-operator-container-v2.6.8-1\nkubevirt-cpu-node-labeller-container-v2.6.8-1\nkubevirt-ssp-operator-container-v2.6.8-1\nkubemacpool-container-v2.6.8-1\ncluster-network-addons-operator-container-v2.6.8-1\nvirt-cdi-cloner-container-v2.6.8-1\nvirt-cdi-uploadproxy-container-v2.6.8-1\nkubernetes-nmstate-handler-container-v2.6.8-1\novs-cni-plugin-container-v2.6.8-1\novs-cni-marker-container-v2.6.8-1\nhostpath-provisioner-operator-container-v2.6.8-1\nkubevirt-vmware-container-v2.6.8-2\nkubevirt-template-validator-container-v2.6.8-2\nkubevirt-kvm-info-nfd-plugin-container-v2.6.8-1\nnode-maintenance-operator-container-v2.6.8-1\nvm-import-virtv2v-container-v2.6.8-1\nhostpath-provisioner-container-v2.6.8-1\nvirt-cdi-uploadserver-container-v2.6.8-1\ncnv-containernetworking-plugins-container-v2.6.8-1\nvirtio-win-container-v2.6.8-2\nvirt-cdi-controller-container-v2.6.8-1\nvirt-cdi-importer-container-v2.6.8-1\nvirt-cdi-apiserver-container-v2.6.8-1\nvirt-cdi-operator-container-v2.6.8-1\nbridge-marker-container-v2.6.8-1\nhyperconverged-cluster-operator-container-v2.6.8-1\ncnv-must-gather-container-v2.6.8-5\nvirt-launcher-container-v2.6.8-5\nvirt-operator-container-v2.6.8-5\nvirt-api-container-v2.6.8-5\nvirt-controller-container-v2.6.8-5\nvirt-handler-container-v2.6.8-5\nhco-bundle-registry-container-v2.6.8-23\n\nSecurity Fix(es):\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-11-17T18:35:17", "type": "redhat", "title": "(RHSA-2021:4725) Moderate: OpenShift Virtualization 2.6.8 Images security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25648", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-29923", "CVE-2021-34558", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-3733", "CVE-2021-37750"], "modified": "2021-11-17T18:35:46", "id": "RHSA-2021:4725", "href": "https://access.redhat.com/errata/RHSA-2021:4725", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. See the following Release Notes\ndocumentation, which will be updated shortly for this release, for additional\ndetails about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/\n\nSecurity fix:\n\n* management-ingress-container: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-23T14:58:27", "type": "redhat", "title": "(RHSA-2021:3653) Important: Red Hat Advanced Cluster Management 2.1.11 security fix and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27777", "CVE-2021-22555", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23017", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-31535", "CVE-2021-32399", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-37750"], "modified": "2021-09-23T14:58:44", "id": "RHSA-2021:3653", "href": "https://access.redhat.com/errata/RHSA-2021:3653", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.0 images:\n\nRHEL-8-CNV-4.9\n==============\nkubevirt-v2v-conversion-container-v4.9.0-9\nvm-import-controller-container-v4.9.0-15\ncnv-containernetworking-plugins-container-v4.9.0-15\nkubemacpool-container-v4.9.0-18\nvirtio-win-container-v4.9.0-8\nvm-import-operator-container-v4.9.0-15\nkubevirt-vmware-container-v4.9.0-8\nkubevirt-template-validator-container-v4.9.0-14\ncluster-network-addons-operator-container-v4.9.0-26\nkubernetes-nmstate-handler-container-v4.9.0-25\nnode-maintenance-operator-container-v4.9.0-13\nhostpath-provisioner-container-v4.9.0-6\nbridge-marker-container-v4.9.0-13\nkubevirt-ssp-operator-container-v4.9.0-28\novs-cni-marker-container-v4.9.0-16\novs-cni-plugin-container-v4.9.0-16\nvm-import-virtv2v-container-v4.9.0-15\nvirt-cdi-apiserver-container-v4.9.0-35\nvirt-cdi-cloner-container-v4.9.0-35\nvirt-cdi-uploadproxy-container-v4.9.0-35\nvirt-cdi-controller-container-v4.9.0-35\nhostpath-provisioner-operator-container-v4.9.0-15\nvirt-cdi-importer-container-v4.9.0-35\nvirt-cdi-uploadserver-container-v4.9.0-35\nvirt-cdi-operator-container-v4.9.0-35\nvirt-launcher-container-v4.9.0-58\nvirt-api-container-v4.9.0-58\nvirt-handler-container-v4.9.0-58\nvirt-operator-container-v4.9.0-58\nvirt-controller-container-v4.9.0-58\nvirt-artifacts-server-container-v4.9.0-58\nlibguestfs-tools-container-v4.9.0-58\ncnv-must-gather-container-v4.9.0-54\nhyperconverged-cluster-operator-container-v4.9.0-57\nhyperconverged-cluster-webhook-container-v4.9.0-57\nhco-bundle-registry-container-v4.9.0-249\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-11-02T13:26:18", "type": "redhat", "title": "(RHSA-2021:4104) Moderate: OpenShift Virtualization 4.9.0 Images security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25648", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-37750"], "modified": "2021-11-02T13:26:34", "id": "RHSA-2021:4104", "href": "https://access.redhat.com/errata/RHSA-2021:4104", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.0.\n\nSecurity Fixes:\n\n* PT RHOAM: XSS in 3scale at various places (CVE-2021-3442)\n\n* aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang (CVE-2020-8911)\n\n* aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang (CVE-2020-8912)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-10-14T05:55:21", "type": "redhat", "title": "(RHSA-2021:3851) Important: Red Hat 3scale API Management 2.11.0 Release - Container Images", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8911", "CVE-2020-8912", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23017", "CVE-2021-27218", "CVE-2021-3442", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-37576", "CVE-2021-37750", "CVE-2021-3814", "CVE-2021-38201"], "modified": "2022-08-10T03:11:31", "id": "RHSA-2021:3851", "href": "https://access.redhat.com/errata/RHSA-2021:3851", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:21", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nThis advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/\n\nSecurity fixes:\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)\n\n* redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nContainer updates:\n\n* RHACM 2.1.12 images (BZ# 2007489)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-20T15:05:45", "type": "redhat", "title": "(RHSA-2021:3949) Important: Red Hat Advanced Cluster Management 2.1.12 security fixes and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2021-22543", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-37576", "CVE-2021-37750", "CVE-2021-41099"], "modified": "2021-10-20T15:06:11", "id": "RHSA-2021:3949", "href": "https://access.redhat.com/errata/RHSA-2021:3949", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.9 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.\n\nClusters and applications are all visible and managed from a single console \u2014 with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide bug fixes and security fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)\n \n* object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)\n\nBug fixes: \n\n* RHACM 2.2.9 images (BZ #1999601)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-14T19:47:17", "type": "redhat", "title": "(RHSA-2021:3873) Important: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2020-15256", "CVE-2021-22543", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23017", "CVE-2021-23434", "CVE-2021-23440", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-36222", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-3715", "CVE-2021-37576", "CVE-2021-37750", "CVE-2021-3795", "CVE-2021-38201", "CVE-2021-41099"], "modified": "2021-11-05T17:04:06", "id": "RHSA-2021:3873", "href": "https://access.redhat.com/errata/RHSA-2021:3873", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method\n\n* CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack\n\n* CVE-2021-32627: redis: Integer overflow issue with Streams\n\n* CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure\n\n* CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser\n\n* CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request\n\n* CVE-2021-32687: redis: Integer overflow issue with intsets\n\n* CVE-2021-32690: helm: information disclosure vulnerability\n\n* CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite\n\n* CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite\n\n* CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n\n* CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow\n\n* CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings\n\n* CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function\n\n* CVE-2021-41099: redis: Integer overflow issue with strings\n\nBug fixes:\n\n* RFE ACM Application management UI doesn't reflect object status (Bugzilla #1965321)\n\n* RHACM 2.4 files (Bugzilla #1983663)\n\n* Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366)\n\n* submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla #1994668)\n\n* ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274)\n\n* pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915)\n\n* InfraEnv condition does not reflect the actual error message (Bugzilla #2009204, 2010030)\n\n* Flaky test point to a nil pointer conditions list (Bugzilla #2010175)\n\n* InfraEnv status shows 'Failed to create image: internal error (Bugzilla #2010272)\n\n* subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla #2013157)\n\n* pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T19:24:59", "type": "redhat", "title": "(RHSA-2021:4618) Important: Red Hat Advanced Cluster Management 2.4 images and security updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36385", "CVE-2021-0512", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23017", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-32690", "CVE-2021-32803", "CVE-2021-32804", "CVE-2021-33623", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-36222", "CVE-2021-3656", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-3733", "CVE-2021-3749", "CVE-2021-37750", "CVE-2021-41099"], "modified": "2021-11-10T19:26:57", "id": "RHSA-2021:4618", "href": "https://access.redhat.com/errata/RHSA-2021:4618", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Quay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-10-19T12:05:33", "type": "redhat", "title": "(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16137", "CVE-2017-16138", "CVE-2018-1107", "CVE-2018-1109", "CVE-2018-16492", "CVE-2018-21270", "CVE-2018-3721", "CVE-2018-3728", "CVE-2018-3774", "CVE-2019-1010266", "CVE-2019-20920", "CVE-2019-20922", "CVE-2020-15366", "CVE-2020-25648", "CVE-2020-26237", "CVE-2020-26291", "CVE-2020-35653", "CVE-2020-35654", "CVE-2020-7608", "CVE-2020-8203", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23364", "CVE-2021-23368", "CVE-2021-23382", "CVE-2021-25289", "CVE-2021-25290", "CVE-2021-25291", "CVE-2021-25292", "CVE-2021-25293", "CVE-2021-27515", "CVE-2021-27516", "CVE-2021-27921", "CVE-2021-27922", "CVE-2021-27923", "CVE-2021-34552", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-10-19T12:05:55", "id": "RHSA-2021:3917", "href": "https://access.redhat.com/errata/RHSA-2021:3917", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with\nsecurity policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and provide security updates. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nNote: Because Red Hat OpenShift Container Platform version 4.9 was just released, the functional testing of the compatibility between Red Hat Advanced Cluster Management 2.3.3 and Red Hat OpenShift Container Platform version 4.9 is still in progress.\n\nSecurity fixes: \n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\nBug fixes:\n\n* KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358)\n\n* Add columns to the Agent CRD list (BZ# 1977398)\n\n* ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081)\n\n* RHACM 2.3.3 images (BZ# 1999365)\n\n* Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294)\n\n* create cluster page empty in Safary Browser (BZ# 2002280)\n\n* Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667)\n\n* Overview page displays VMware based managed cluster as other (BZ# 2004188)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-19T23:47:29", "type": "redhat", "title": "(RHSA-2021:3925) Important: Red Hat Advanced Cluster Management 2.3.3 bug fix, security, and image updates", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2020-25648", "CVE-2021-21419", "CVE-2021-21623", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-21648", "CVE-2021-21670", "CVE-2021-21671", "CVE-2021-22543", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-23017", "CVE-2021-23434", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-25735", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-3114", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-32690", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36222", "CVE-2021-3636", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-3715", "CVE-2021-37576", "CVE-2021-37750", "CVE-2021-3805", "CVE-2021-38201", "CVE-2021-41099"], "modified": "2021-11-05T16:57:48", "id": "RHSA-2021:3925", "href": "https://access.redhat.com/errata/RHSA-2021:3925", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-29T14:28:33", "type": "redhat", "title": "(RHSA-2021:4848) Moderate: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27218", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3445", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3620", "CVE-2021-36222", "CVE-2021-3733", "CVE-2021-3757", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-3948"], "modified": "2021-11-29T14:28:50", "id": "RHSA-2021:4848", "href": "https://access.redhat.com/errata/RHSA-2021:4848", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.8.3 images:\n\nRHEL-8-CNV-4.8\n==============\nhostpath-provisioner-container-v4.8.3-4\nkubevirt-v2v-conversion-container-v4.8.3-3\nvirt-cdi-cloner-container-v4.8.3-4\nvirt-cdi-operator-container-v4.8.3-4\nvirt-cdi-uploadproxy-container-v4.8.3-4\nvirt-launcher-container-v4.8.3-9\nvm-import-operator-container-v4.8.3-7\nvirt-cdi-apiserver-container-v4.8.3-4\nkubevirt-vmware-container-v4.8.3-3\nvirt-api-container-v4.8.3-9\nvm-import-virtv2v-container-v4.8.3-7\nvirtio-win-container-v4.8.3-3\nnode-maintenance-operator-container-v4.8.3-2\nhostpath-provisioner-operator-container-v4.8.3-4\nvirt-cdi-controller-container-v4.8.3-4\nvirt-cdi-importer-container-v4.8.3-4\nbridge-marker-container-v4.8.3-3\novs-cni-marker-container-v4.8.3-3\nvirt-handler-container-v4.8.3-9\nvirt-controller-container-v4.8.3-9\ncnv-containernetworking-plugins-container-v4.8.3-3\nkubevirt-template-validator-container-v4.8.3-3\nhyperconverged-cluster-webhook-container-v4.8.3-5\novs-cni-plugin-container-v4.8.3-3\nhyperconverged-cluster-operator-container-v4.8.3-5\nkubevirt-ssp-operator-container-v4.8.3-4\nvirt-cdi-uploadserver-container-v4.8.3-4\nkubemacpool-container-v4.8.3-5\nvm-import-controller-container-v4.8.3-7\nvirt-operator-container-v4.8.3-9\nkubernetes-nmstate-handler-container-v4.8.3-8\ncnv-must-gather-container-v4.8.3-12\ncluster-network-addons-operator-container-v4.8.3-8\nhco-bundle-registry-container-v4.8.3-58\n\nSecurity Fix(es):\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-02T15:41:38", "type": "redhat", "title": "(RHSA-2021:4914) Moderate: OpenShift Virtualization 4.8.3 Images security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25648", "CVE-2020-36385", "CVE-2021-0512", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-29923", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-34558", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36222", "CVE-2021-3656", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267"], "modified": "2021-12-02T15:42:01", "id": "RHSA-2021:4914", "href": "https://access.redhat.com/errata/RHSA-2021:4914", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:19:09", "description": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-08T16:13:09", "type": "redhat", "title": "(RHSA-2022:5924) Important: Service Telemetry Framework 1.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-25032", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-25013", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9169", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-13434", "CVE-2020-14391", "CVE-2020-15358", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-27618", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-8927", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-20305", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-27218", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-3326", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-36222", "CVE-2021-37750", "CVE-2022-0778", "CVE-2022-1271", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-30631"], "modified": "2022-08-08T16:13:55", "id": "RHSA-2022:5924", "href": "https://access.redhat.com/errata/RHSA-2022:5924", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-30T12:45:50", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T15:13:45", "type": "redhat", "title": "(RHSA-2022:0056) Moderate: OpenShift Container Platform 4.10.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15903", "CVE-2019-19906", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-25013", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9169", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-13434", "CVE-2020-14391", "CVE-2020-15358", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-25660", "CVE-2020-25677", "CVE-2020-27618", "CVE-2020-27781", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-8927", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-20305", "CVE-2021-21684", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-25215", "CVE-2021-27218", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-3121", "CVE-2021-3326", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-36222", "CVE-2021-3733", "CVE-2021-3749", "CVE-2021-37750", "CVE-2021-39226", "CVE-2021-41190", "CVE-2021-41772", "CVE-2021-43813", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0532", "CVE-2022-21673", "CVE-2022-24407"], "modified": "2022-12-21T11:22:50", "id": "RHSA-2022:0056", "href": "https://access.redhat.com/errata/RHSA-2022:0056", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "almalinux": [{"lastseen": "2021-11-26T19:07:41", "description": "Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nSecurity Fix(es):\n\n* krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-21T07:09:33", "type": "almalinux", "title": "Moderate: krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-09-23T08:27:19", "id": "ALSA-2021:3576", "href": "https://errata.almalinux.org/8/ALSA-2021-3576.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rocky": [{"lastseen": "2023-07-24T17:26:49", "description": "An update is available for krb5.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nKerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nSecurity Fix(es):\n\n* krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)\n\n* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-21T07:09:33", "type": "rocky", "title": "krb5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-09-21T07:09:33", "id": "RLSA-2021:3576", "href": "https://errata.rockylinux.org/RLSA-2021:3576", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-06-23T20:34:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * krb5 \\- MIT Kerberos Network Authentication Protocol\n\nIt was discovered that Kerberos incorrectly handled memory when processing \nKDC data, which could lead to a NULL pointer dereference. An attacker could \npossibly use this issue to cause a denial of service or have other \nunspecified impacts. (CVE-2021-36222, CVE-2021-37750)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-16T00:00:00", "type": "ubuntu", "title": "Kerberos vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750"], "modified": "2023-03-16T00:00:00", "id": "USN-5959-1", "href": "https://ubuntu.com/security/notices/USN-5959-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2023-06-06T16:11:30", "description": "Updates of ['krb5'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0455", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28196", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-11-30T00:00:00", "id": "PHSA-2021-0455", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-455", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T15:31:19", "description": "Updates of ['krb5'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0342", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28196", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-12-12T00:00:00", "id": "PHSA-2021-3.0-0342", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-342", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-12T05:39:54", "description": "An update of {'krb5'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-12-12T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2022-3.0-0342", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28196", "CVE-2021-36222", "CVE-2021-37750"], "modified": "2021-12-12T00:00:00", "id": "PHSA-2022-3.0-0342", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-342", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:53:39", "description": "Updates of ['wireshark', 'bluez', 'rubygem-bundler', 'krb5'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0139", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36222", "CVE-2021-37750", "CVE-2021-39920", "CVE-2021-39921", "CVE-2021-39922", "CVE-2021-39923", "CVE-2021-39924", "CVE-2021-39925", "CVE-2021-39926", "CVE-2021-39928", "CVE-2021-39929", "CVE-2021-41229", "CVE-2021-43809"], "modified": "2021-12-17T00:00:00", "id": "PHSA-2021-0139", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-139", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-29T06:35:08", "description": "Updates of ['krb5', 'rubygem-bundler', 'bluez', 'wireshark'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0139", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28196", "CVE-2021-36222", "CVE-2021-37750", "CVE-2021-39920", "CVE-2021-39921", "CVE-2021-39922", "CVE-2021-39923", "CVE-2021-39924", "CVE-2021-39925", "CVE-2021-39926", "CVE-2021-39928", "CVE-2021-39929", "CVE-2021-41229", "CVE-2021-43809"], "modified": "2021-12-18T00:00:00", "id": "PHSA-2021-4.0-0139", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-139", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nOracle reports:\n\nThis Critical Patch Update contains 66 new security patches for\n\t Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\n\t The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle\n\t MySQL is 9.8.\nNote: MariaDB only vulnerable against CVE-2021-35604\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-16T00:00:00", "type": "freebsd", "title": "MySQL -- Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.9, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22926", "CVE-2021-22931", "CVE-2021-2471", "CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35537", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35583", "CVE-2021-35584", "CVE-2021-35590", "CVE-2021-35591", "CVE-2021-35592", "CVE-2021-35593", "CVE-2021-35594", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35598", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35613", "CVE-2021-35618", "CVE-2021-35621", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35629", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2021-36222", "CVE-2021-3711"], "modified": "2021-11-09T00:00:00", "id": "C9387E4D-2F5F-11EC-8BE6-D4C9EF517024", "href": "https://vuxml.freebsd.org/freebsd/c9387e4d-2f5f-11ec-8be6-d4c9ef517024.html", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}}], "oracle": [{"lastseen": "2023-09-29T20:29:18", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 419 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2021 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2809080.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-10-19T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-1000031", "CVE-2016-2183", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2017-5645", "CVE-2017-9841", "CVE-2018-10237", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-14550", "CVE-2018-15756", "CVE-2018-20031", "CVE-2018-20032", "CVE-2018-20033", "CVE-2018-20034", "CVE-2018-20843", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0230", "CVE-2019-0233", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-11358", "CVE-2019-12400", "CVE-2019-12415", "CVE-2019-13990", "CVE-2019-16775", "CVE-2019-17195", "CVE-2019-17566", "CVE-2019-17567", "CVE-2019-20388", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-7317", "CVE-2020-10543", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11979", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-11994", "CVE-2020-11998", "CVE-2020-12723", "CVE-2020-13947", "CVE-2020-13950", "CVE-2020-13954", "CVE-2020-13956", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-15824", "CVE-2020-17521", "CVE-2020-17530", "CVE-2020-1945", "CVE-2020-1967", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-24977", "CVE-2020-25648", "CVE-2020-25649", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-26217", "CVE-2020-27193", "CVE-2020-27216", "CVE-2020-27218", "CVE-2020-27824", "CVE-2020-28052", "CVE-2020-28500", "CVE-2020-28928", "CVE-2020-29661", "CVE-2020-35452", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5413", "CVE-2020-6950", "CVE-2020-7065", "CVE-2020-7069", "CVE-2020-7071", "CVE-2020-7226", "CVE-2020-7595", "CVE-2020-8203", "CVE-2020-8277", "CVE-2020-8622", "CVE-2020-8908", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2021-20227", "CVE-2021-20265", "CVE-2021-21290", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-2137", "CVE-2021-21409", "CVE-2021-21702", "CVE-2021-21783", "CVE-2021-22112", "CVE-2021-22118", "CVE-2021-22207", "CVE-2021-22222", "CVE-2021-22696", "CVE-2021-22883", "CVE-2021-22884", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-22925", "CVE-2021-22926", "CVE-2021-22931", "CVE-2021-22939", "CVE-2021-22940", "CVE-2021-22945", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23017", "CVE-2021-2332", "CVE-2021-23336", "CVE-2021-23337", "CVE-2021-2341", "CVE-2021-2351", "CVE-2021-2369", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-2388", "CVE-2021-23926", "CVE-2021-2414", "CVE-2021-2416", "CVE-2021-2432", "CVE-2021-2461", "CVE-2021-2471", "CVE-2021-2474", "CVE-2021-2475", "CVE-2021-2476", "CVE-2021-2477", "CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2480", "CVE-2021-2481", "CVE-2021-2482", "CVE-2021-2483", "CVE-2021-2484", "CVE-2021-2485", "CVE-2021-25122", "CVE-2021-25215", "CVE-2021-25329", "CVE-2021-26117", "CVE-2021-26271", "CVE-2021-26272", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-27290", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28165", "CVE-2021-28169", "CVE-2021-28363", "CVE-2021-28657", "CVE-2021-28957", "CVE-2021-29425", "CVE-2021-29505", "CVE-2021-29921", "CVE-2021-30369", "CVE-2021-30468", "CVE-2021-30640", "CVE-2021-30641", "CVE-2021-3156", "CVE-2021-31618", "CVE-2021-3177", "CVE-2021-31811", "CVE-2021-31812", "CVE-2021-32803", "CVE-2021-32804", "CVE-2021-32808", "CVE-2021-32809", "CVE-2021-33037", "CVE-2021-33503", "CVE-2021-33560", "CVE-2021-3426", "CVE-2021-34428", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-34558", "CVE-2021-35043", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3522", "CVE-2021-3537", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-35536", "CVE-2021-35537", "CVE-2021-35538", "CVE-2021-35539", "CVE-2021-35540", "CVE-2021-35541", "CVE-2021-35542", "CVE-2021-35543", "CVE-2021-35545", "CVE-2021-35546", "CVE-2021-35549", "CVE-2021-35550", "CVE-2021-35551", "CVE-2021-35552", "CVE-2021-35553", "CVE-2021-35554", "CVE-2021-35556", "CVE-2021-35557", "CVE-2021-35558", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35562", "CVE-2021-35563", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35566", "CVE-2021-35567", "CVE-2021-35568", "CVE-2021-35569", "CVE-2021-35570", "CVE-2021-35571", "CVE-2021-35572", "CVE-2021-35573", "CVE-2021-35574", "CVE-2021-35575", "CVE-2021-35576", "CVE-2021-35577", "CVE-2021-35578", "CVE-2021-35580", "CVE-2021-35581", "CVE-2021-35582", "CVE-2021-35583", "CVE-2021-35584", "CVE-2021-35585", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35589", "CVE-2021-35590", "CVE-2021-35591", "CVE-2021-35592", "CVE-2021-35593", "CVE-2021-35594", "CVE-2021-35595", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35598", "CVE-2021-35599", "CVE-2021-35601", "CVE-2021-35602", "CVE-2021-35603", "CVE-2021-35604", "CVE-2021-35606", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35609", "CVE-2021-35610", "CVE-2021-35611", "CVE-2021-35612", "CVE-2021-35613", "CVE-2021-35616", "CVE-2021-35617", "CVE-2021-35618", "CVE-2021-35619", "CVE-2021-35620", "CVE-2021-35621", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35629", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2021-35649", "CVE-2021-35650", "CVE-2021-35651", "CVE-2021-35652", "CVE-2021-35653", "CVE-2021-35654", "CVE-2021-35655", "CVE-2021-35656", "CVE-2021-35657", "CVE-2021-35658", "CVE-2021-35659", "CVE-2021-35660", "CVE-2021-35661", "CVE-2021-35662", "CVE-2021-35665", "CVE-2021-35666", "CVE-2021-36090", "CVE-2021-36222", "CVE-2021-36373", "CVE-2021-36374", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-37695", "CVE-2021-37701", "CVE-2021-37712", "CVE-2021-37713", "CVE-2021-39134", "CVE-2021-39135"], "modified": "2022-01-18T00:00:00", "id": "ORACLE:CPUOCT2021", "href": "https://www.oracle.com/security-alerts/cpuoct2021.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-09-30T07:14:39", "description": "## Summary\n\nCloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-8985](<https://vulners.com/cve/CVE-2015-8985>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a flaw in the pop_fail_stack function. By using a specially crafted extended regular expression, a remote attacker could cause an assertion failure and application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-8984](<https://vulners.com/cve/CVE-2015-8984>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by an out-of-bounds read in the fnmatch function. By using a malformed pattern, a remote attacker could cause the application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3426](<https://vulners.com/cve/CVE-2021-3426>) \n** DESCRIPTION: **Python pydoc module could allow a remote attacker from within the local network obtain sensitive information. By starting the pydoc server, an attacker could exploit this vulnerability to extract arbitrary files. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2007-3716](<https://vulners.com/cve/CVE-2007-3716>) \n** DESCRIPTION: **Sun JRE (Java Runtime Environment) and JDK (Java Developer's Kit) could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the XML Digital Signature implementation. By sending a specially-crafted XML signature containing a malicious XSLT stylesheet, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the application's permissions. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/35332](<https://exchange.xforce.ibmcloud.com/vulnerabilities/35332>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2017-18018](<https://vulners.com/cve/CVE-2017-18018>) \n** DESCRIPTION: **GNU Coreutils could allow a local attacker to bypass security restrictions, caused by not preventing replacement of a plain file with a symlink issue in chown-core.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to modify the ownership of arbitrary files. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-17101](<https://vulners.com/cve/CVE-2018-17101>) \n** DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10001](<https://vulners.com/cve/CVE-2020-10001>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to obtain sensitive information, caused by improper input validation by the CUPS component. By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to obtain restricted memory information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-35448](<https://vulners.com/cve/CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-26927](<https://vulners.com/cve/CVE-2021-26927>) \n** DESCRIPTION: **JasPer is vulnerable to a denial of service, caused by a NULL pointer dereference in jp2_decode in jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197351](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197351>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28153](<https://vulners.com/cve/CVE-2021-28153>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2017-13728](<https://vulners.com/cve/CVE-2017-13728>) \n** DESCRIPTION: **GNU ncurses is vulnerable to a denial of service, caused by an error in the next_char function in comp_scan.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7613](<https://vulners.com/cve/CVE-2017-7613>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124513>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7612](<https://vulners.com/cve/CVE-2017-7612>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in the check_sysv_hash function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7611](<https://vulners.com/cve/CVE-2017-7611>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in check_symtab_shndx function in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124511](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124511>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7610](<https://vulners.com/cve/CVE-2017-7610>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read check_group function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124510](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124510>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7609](<https://vulners.com/cve/CVE-2017-7609>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory consumption in elf_compress.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124509>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7608](<https://vulners.com/cve/CVE-2017-7608>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in ebl_object_note_type_name function in eblobjnotetypename.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7607](<https://vulners.com/cve/CVE-2017-7607>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read handle_gnu_hash function in readelf.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10255](<https://vulners.com/cve/CVE-2016-10255>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in __libelf_set_rawdata_wrlock function in elf_getdata.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10254](<https://vulners.com/cve/CVE-2016-10254>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in allocate_elf function in common.h. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124086>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14062](<https://vulners.com/cve/CVE-2017-14062>) \n** DESCRIPTION: **Libidn2 is vulnerable to a denial of service, caused by an integer overflow in the decode_digit function in puny_decode.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7246](<https://vulners.com/cve/CVE-2017-7246>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7245](<https://vulners.com/cve/CVE-2017-7245>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-4984](<https://vulners.com/cve/CVE-2016-4984>) \n** DESCRIPTION: **openldap-servers could allow a local authenticated attacker to obtain sensitive information, caused by a weak permission for /usr/libexec/openldap/generate-server-cert.sh issue. By leveraging a race condition between the creation of the certificate, a local attacker could exploit this vulnerability to obtain the TLS certificate. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129440](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129440>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-9318](<https://vulners.com/cve/CVE-2016-9318>) \n** DESCRIPTION: **Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-4493](<https://vulners.com/cve/CVE-2016-4493>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a denial of service, caused by a read access violation in demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty. An attacker could exploit this vulnerability using a specially crafted binary to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-13685](<https://vulners.com/cve/CVE-2017-13685>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the dump_callback function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131204](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131204>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20483](<https://vulners.com/cve/CVE-2018-20483>) \n** DESCRIPTION: **GNU Wget could allow a local authenticated attacker to obtain sensitive information, caused by the storing of the origin URL in the user.xdg.origin.url metadata in the set_file_metadata function in xattr.c. By reading the metadata attribute, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-30720](<https://vulners.com/cve/CVE-2021-30720>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to access restricted ports on arbitrary servers. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-8908](<https://vulners.com/cve/CVE-2020-8908>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10707](<https://vulners.com/cve/CVE-2016-10707>) \n** DESCRIPTION: **jQuery is vulnerable to a denial of service, caused by removing a logic that lowercased attribute names. By using a mixed-cased name for boolean attributes, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138030](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138030>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18074](<https://vulners.com/cve/CVE-2018-18074>) \n** DESCRIPTION: **The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by sending information in an insecure manner. By sniffing the network, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-3721](<https://vulners.com/cve/CVE-2018-3721>) \n** DESCRIPTION: **Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the prototype of Object, an attacker could exploit this vulnerability to add or modify existing property that will exist on all objects. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-18874](<https://vulners.com/cve/CVE-2019-18874>) \n** DESCRIPTION: **psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14145](<https://vulners.com/cve/CVE-2020-14145>) \n** DESCRIPTION: **OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-24025](<https://vulners.com/cve/CVE-2020-24025>) \n** DESCRIPTION: **node-sass could allow a remote attacker to bypass security restrictions, caused by the disablement of certificate validation when requesting binaries even if the user is not specifying an alternative download path. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-24370](<https://vulners.com/cve/CVE-2020-24370>) \n** DESCRIPTION: **Lua is vulnerable to a denial of service, caused by a negation overflow and segmentation fault in getlocal and setlocal. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-28168](<https://vulners.com/cve/CVE-2020-28168>) \n** DESCRIPTION: **Node.js axios module is vulnerable to server-side request forgery, caused by improper input validation. By providing a URL that responds with a redirect to a restricted host or IP address, an attacker could exploit this vulnerability to conduct SSRF attack to bypass a proxy. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-30641](<https://vulners.com/cve/CVE-2021-30641>) \n** DESCRIPTION: **Apache HTTP Server could provide weaker than expected security, caused by unexpected URL matching behavior with 'MergeSlashes OFF. An attacker could exploit this vulnerability to match URLs from all sites in the same domain and launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31535](<https://vulners.com/cve/CVE-2021-31535>) \n** DESCRIPTION: **X.Org libX11 is vulnerable to a denial of service, caused by improper input validation by the length of the string parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause emission of extra X protocol requests to the X server, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202043](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202043>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33503](<https://vulners.com/cve/CVE-2021-33503>) \n** DESCRIPTION: **urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203109](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203109>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33928](<https://vulners.com/cve/CVE-2021-33928>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33929](<https://vulners.com/cve/CVE-2021-33929>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_disabled_solvable in src/repo.h. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33930](<https://vulners.com/cve/CVE-2021-33930>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable_whatprovides in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33938](<https://vulners.com/cve/CVE-2021-33938>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the prune_to_recommended in src/policy.c function. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208663](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208663>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35561](<https://vulners.com/cve/CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29362](<https://vulners.com/cve/CVE-2020-29362>) \n** DESCRIPTION: **p11-glue p11-kit could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read flaw in the RPC protocol. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain up to 4 bytes of memory past the heap allocation, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-6891](<https://vulners.com/cve/CVE-2017-6891>) \n** DESCRIPTION: **GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4008](<https://vulners.com/cve/CVE-2016-4008>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by improper handling of the ASN1_DECODE_FLAG_STRICT_DER flag in _asn1_extract_der_octet function in lib/decoding.c. By using a malformed certificate, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113127](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113127>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-8817](<https://vulners.com/cve/CVE-2017-8817>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds read flaw in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH). By using a string that ends with an '[' character, an attacker could exploit this vulnerability to redirect the victim to an arbitrary site. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8625](<https://vulners.com/cve/CVE-2016-8625>) \n** DESCRIPTION: **cURL/libcurl could provide weaker than expected security, caused by the translation of International Domain Names (IDNA) to puny code for DNS resolving using the IDNA 2003 standard. An attacker could exploit this vulnerability to issue network transfer requests to the wrong host. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8624](<https://vulners.com/cve/CVE-2016-8624>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the authority component of the URL when handling '#' character. By using a specially-crafted URL with '#' character, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118642](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118642>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8621](<https://vulners.com/cve/CVE-2016-8621>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by an out of bounds read error within the curl_getdate function. By using specially-crafted date strings, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-8616](<https://vulners.com/cve/CVE-2016-8616>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protocol which supports connection-scoped credentials, an attacker could exploit this vulnerability to cause a connection to be reused. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8615](<https://vulners.com/cve/CVE-2016-8615>) \n** DESCRIPTION: **cURL/libcurl is vulnerable to cookie injection, caused by an error related to fgets() function. By using a malicious server that sends a very long cookie name and value, a remote attacker could exploit this vulnerability to inject a malicious cookie for arbitrary domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22924](<https://vulners.com/cve/CVE-2021-22924>) \n** DESCRIPTION: **An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-0755](<https://vulners.com/cve/CVE-2016-0755>) \n** DESCRIPTION: **Libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to check NTLM-authenticated proxy connections for reuse. An attacker could exploit this vulnerability to use a proxy connection for a different authenticated client username. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-13050](<https://vulners.com/cve/CVE-2019-13050>) \n** DESCRIPTION: **GNU Privacy Guard (GnuPG) is vulnerable to a denial of service, caused by a certificate spamming attack when referring to a host on the SKS keyserver network in the keyserver configuration. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-5276](<https://vulners.com/cve/CVE-2015-5276>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could provide weaker than expected security, caused by the failure to properly handle short reads from blocking sources by the std::random_device class in libstdc++. A remote attacker could exploit thsi vulnerability to predict random values. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-19645](<https://vulners.com/cve/CVE-2019-19645>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an infinite recursion flaw in alter.c. By sending a specially-crafted request using certain types of self-referential views in conjunction with ALTER TABLE statements, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172774>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19880](<https://vulners.com/cve/CVE-2019-19880>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an invalid pointer dereference in exprListAppendList in window.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19924](<https://vulners.com/cve/CVE-2019-19924>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by the mishandling of certain parser-tree rewriting in the sqlite3WindowRewrite function in expr.c, vdbeaux.c, and window.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-8457](<https://vulners.com/cve/CVE-2019-8457>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13631](<https://vulners.com/cve/CVE-2020-13631>) \n** DESCRIPTION: **SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and build.c. By sending a specially crafted request, an attacker could exploit this vulnerability to rename the virtual table to the name of one of its shadow tables. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2017-9233](<https://vulners.com/cve/CVE-2017-9233>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by a XML External Entity vulnerability in the parser. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-5300](<https://vulners.com/cve/CVE-2016-5300>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization. By using specially-crafted identifiers in an XML document, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114435](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114435>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-4472](<https://vulners.com/cve/CVE-2016-4472>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the removal by compilers with certain optimization settings. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114683](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114683>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2695](<https://vulners.com/cve/CVE-2015-2695>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established SPNEGO context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107874](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107874>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2696](<https://vulners.com/cve/CVE-2015-2696>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established IAKERB context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19906](<https://vulners.com/cve/CVE-2019-19906>) \n** DESCRIPTION: **cyrus-sasl is vulnerable to a denial of service, caused by an off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP packet, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1234](<https://vulners.com/cve/CVE-2016-1234>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a stack-based buffer overflow within the glob implementation when GLOB_ALTDIRFUNC is used. A remote attacker could exploit this vulnerability using an overly long name to overflow a buffer and cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26154](<https://vulners.com/cve/CVE-2020-26154>) \n** DESCRIPTION: **libproxy is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted PAC file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189418](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189418>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13645](<https://vulners.com/cve/CVE-2020-13645>) \n** DESCRIPTION: **GNOME glib-networking is vulnerable to a man-in-the-middle attack, caused by missing hostname verification in the server TLS certificate in the implementation of GTlsClientConnection. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-16435](<https://vulners.com/cve/CVE-2018-16435>) \n** DESCRIPTION: **Little CMS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the AllocateDataSet function in cmscgats.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149326](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149326>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2008-3105](<https://vulners.com/cve/CVE-2008-3105>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an error in XML data processing. An attacker could exploit this vulnerability using the JAX-WS client or a service in a trusted application to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43657>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2021-22931](<https://vulners.com/cve/CVE-2021-22931>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3672](<https://vulners.com/cve/CVE-2021-3672>) \n** DESCRIPTION: **The c-ares library could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause the output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-3153](<https://vulners.com/cve/CVE-2015-3153>) \n** DESCRIPTION: **cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2016-8617](<https://vulners.com/cve/CVE-2016-8617>) \n** DESCRIPTION: **cURL/libcurl could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out of bounds write in the base64 encode function. By using a specially crafted username, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3859](<https://vulners.com/cve/CVE-2019-3859>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev functions. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3860](<https://vulners.com/cve/CVE-2019-3860>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with empty payloads. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13558](<https://vulners.com/cve/CVE-2020-13558>) \n** DESCRIPTION: **WebKitGTK and WPE WebKit could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the AudioSourceProviderGStreamer class. By persuading a victim to open specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1788](<https://vulners.com/cve/CVE-2021-1788>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1789](<https://vulners.com/cve/CVE-2021-1789>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195893>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1844](<https://vulners.com/cve/CVE-2021-1844>) \n** DESCRIPTION: **Apple Safari, macOS Big Sur, iOS, iPadOS and watchOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1870](<https://vulners.com/cve/CVE-2021-1870>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1871](<https://vulners.com/cve/CVE-2021-1871>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21779](<https://vulners.com/cve/CVE-2021-21779>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebKit componenet. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21806](<https://vulners.com/cve/CVE-2021-21806>) \n** DESCRIPTION: **WebKit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in fireEventListeners. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30663](<https://vulners.com/cve/CVE-2021-30663>) \n** DESCRIPTION: **Apple iOS, iPadOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201120](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201120>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30665](<https://vulners.com/cve/CVE-2021-30665>) \n** DESCRIPTION: **Apple iOS, iPadOS, watchOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201119](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201119>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30734](<https://vulners.com/cve/CVE-2021-30734>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30749](<https://vulners.com/cve/CVE-2021-30749>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202347](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202347>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30758](<https://vulners.com/cve/CVE-2021-30758>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30795](<https://vulners.com/cve/CVE-2021-30795>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an error in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30797](<https://vulners.com/cve/CVE-2021-30797>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206133>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30799](<https://vulners.com/cve/CVE-2021-30799>) \n** DESCRIPTION: **Apple macOS Catalina could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206131>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13565](<https://vulners.com/cve/CVE-2019-13565>) \n** DESCRIPTION: **OpenLDAP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an error when using SASL authentication and session encryption. An attacker could exploit this vulnerability to gain privileges on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18276](<https://vulners.com/cve/CVE-2019-18276>) \n** DESCRIPTION: **GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9924](<https://vulners.com/cve/CVE-2019-9924>) \n** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3520](<https://vulners.com/cve/CVE-2021-3520>) \n** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3518](<https://vulners.com/cve/CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3517](<https://vulners.com/cve/CVE-2021-3517>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3796](<https://vulners.com/cve/CVE-2021-3796>) \n** DESCRIPTION: **Vim is vulnerable to a denial of service, caused by a use-after-free in nv_replace. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2019-13115](<https://vulners.com/cve/CVE-2019-13115>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12762](<https://vulners.com/cve/CVE-2020-12762>) \n** DESCRIPTION: **json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182094](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182094>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27828](<https://vulners.com/cve/CVE-2020-27828>) \n** DESCRIPTION: **Jasper is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the cp_create() in jpc_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27918](<https://vulners.com/cve/CVE-2020-27918>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the device. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35492](<https://vulners.com/cve/CVE-2020-35492>) \n** DESCRIPTION: **cairo is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by image-compositor.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3778](<https://vulners.com/cve/CVE-2021-3778>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209481](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209481>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-10140](<https://vulners.com/cve/CVE-2017-10140>) \n** DESCRIPTION: **Postfix could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in in undocumented function in Berkeley DB. By reading settings from DB_CONFIG in the current directory, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142457](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142457>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3516](<https://vulners.com/cve/CVE-2021-3516>) \n** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24977](<https://vulners.com/cve/CVE-2020-24977>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-38185](<https://vulners.com/cve/CVE-2021-38185>) \n** DESCRIPTION: **GNU cpio could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow that triggers an out-of-bounds heap write in the ds_fgetstr function in dstring.c. By persuading a victim to open a specially-crafted crafted pattern file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22922](<https://vulners.com/cve/CVE-2021-22922>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by not removing incorrect content by the metalink feature. By persuading a victim to download specially-crafted content, an attacker could exploit this vulnerability to access malicious content to keep in the file on disk for further attack. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206045](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206045>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<https://vulners.com/cve/CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-21775](<https://vulners.com/cve/CVE-2021-21775>) \n** DESCRIPTION: **WebKit WebKitGTK could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw when certain events are processed for ImageLoader objects. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information and cause further memory corruptions. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2014-0452](<https://vulners.com/cve/CVE-2014-0452>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the JAX-WS component has partial confidentiality impact, partial integrity impact, and partial availability impact. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92474>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2018-12700](<https://vulners.com/cve/CVE-2018-12700>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a stack exhaustion in debug_write_type in debug.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-13117](<https://vulners.com/cve/CVE-2019-13117>) \n** DESCRIPTION: **libxslt could allow a remote attacker to obtain sensitive information, caused by an error in numbers.c that leads to an uninitialized read in xsltNumberFormatInsertNumbers. An attacker could exploit this vulnerability to discern whether a byte on the stack contains the characters A, a, I, I, or 0, or any other character. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-20838](<https://vulners.com/cve/CVE-2019-20838>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a buffer over-read in JIT. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13435](<https://vulners.com/cve/CVE-2020-13435>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16135](<https://vulners.com/cve/CVE-2020-16135>) \n** DESCRIPTION: **Libssh is vulnerable to a denial of service, caused by a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36241](<https://vulners.com/cve/CVE-2020-36241>) \n** DESCRIPTION: **GNOME gnome-autoar could allow a remote attacker to traverse directories on the system, caused by the lack of checks of file in autoar-extractor.c. An attacker could send a specially-crafted file to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196330>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-36332](<https://vulners.com/cve/CVE-2020-36332>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by allocating an excessive amount of memory. By reading a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202249](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202249>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20270](<https://vulners.com/cve/CVE-2021-20270>) \n** DESCRIPTION: **Pygments is vulnerable to a denial of service, caused by an infinite loop in SMLLexer. By performing syntax highlighting of an SML source file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22876](<https://vulners.com/cve/CVE-2021-22876>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199186>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22898](<https://vulners.com/cve/CVE-2021-22898>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sending a specially-crafted request using a clear-text network protocol, an attacker could exploit this vulnerability to obtain sensitive internal information to the server, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22946](<https://vulners.com/cve/CVE-2021-22946>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a required TLS bypassed issue. By sniffing the network, an attacker could exploit this vulnerability to obtain sensitive data in clear text over the network, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209452>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29059](<https://vulners.com/cve/CVE-2021-29059>) \n** DESCRIPTION: **Node.js IS-SVG module is vulnerable to a denial of service, caused by an error when the application is provided and checks a specially crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204157](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204157>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33574](<https://vulners.com/cve/CVE-2021-33574>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a denial of service, caused by a use-after-free flaw in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37136](<https://vulners.com/cve/CVE-2021-37136>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211777>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37137](<https://vulners.com/cve/CVE-2021-37137>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not restrict the chunk length in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause excessive memory usage, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211779](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211779>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3765](<https://vulners.com/cve/CVE-2021-3765>) \n** DESCRIPTION: **validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212669>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11113](<https://vulners.com/cve/CVE-2017-11113>) \n** DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a NULL pointer dereference in the _nc_parse_entry function of tinfo/parse_entry.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129022>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11112](<https://vulners.com/cve/CVE-2017-11112>) \n** DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c issue. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129021>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29361](<https://vulners.com/cve/CVE-2020-29361>) \n** DESCRIPTION: **p11-glue p11-kit are vulnerable to a denial of service, caused by multiple integer overflows when allocating memory for arrays of attributes and object identifiers. By sending a specially-crafted request using realloc or calloc function, an attacker could exploit this vulnerability to cause a denial of service or possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-6003](<https://vulners.com/cve/CVE-2018-6003>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by a stack exhaustion in the _asn1_decode_simple_ber function in decoding.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138175](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138175>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-10790](<https://vulners.com/cve/CVE-2017-10790>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by a NULL pointer dereference in the _asn1_check_identifier function. By reading specially crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11164](<https://vulners.com/cve/CVE-2017-11164>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the OP_KETRMAX feature in the match function in pcre_exec.c. By using a specially-crafted regular expression, a remote attacker could exploit this vulnerability to cause stack exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-1000254](<https://vulners.com/cve/CVE-2017-1000254>) \n** DESCRIPTION: **libcurl is vulnerable to a denial of service, caused by a buffer overread in the string parser. By sending a specially-crafted response to a PWD command, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133027](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133027>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8285](<https://vulners.com/cve/CVE-2020-8285>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a stack-based buffer overflow in the wildcard matching function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27212](<https://vulners.com/cve/CVE-2021-27212>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in slapd within the issuerAndThisUpdateCheck function. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a daemon exit. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196992](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196992>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36221](<https://vulners.com/cve/CVE-2020-36221>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an integer underflow in the Certificate Exact Assertion processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36222](<https://vulners.com/cve/CVE-2020-36222>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in the saslAuthzTo validation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36223](<https://vulners.com/cve/CVE-2020-36223>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a double free and out-of-bounds read in the Values Return Filter control handling. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195552](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195552>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36224](<https://vulners.com/cve/CVE-2020-36224>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an invalid pointer free in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36225](<https://vulners.com/cve/CVE-2020-36225>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a double free in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36226](<https://vulners.com/cve/CVE-2020-36226>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a memch-&gt;bv_len miscalculation flaw in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195555>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36227](<https://vulners.com/cve/CVE-2020-36227>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an infinite loop in the cancel_extop Cancel operation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195556>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36228](<https://vulners.com/cve/CVE-2020-36228>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an integer underflow in the Certificate List Exact Assertion processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195557](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195557>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36229](<https://vulners.com/cve/CVE-2020-36229>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a flaw in the X.509 DN parsing in ad_keystring. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36230](<https://vulners.com/cve/CVE-2020-36230>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in the X.509 DN parsing in decode.c ber_next_element. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25710](<https://vulners.com/cve/CVE-2020-25710>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in csnNormalize23 function in servers/slapd/schema_init.c. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25709](<https://vulners.com/cve/CVE-2020-25709>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in certificateListValidate function in servers/slapd/schema_init.c. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192486>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-20387](<https://vulners.com/cve/CVE-2019-20387>) \n** DESCRIPTION: **libsolv is vulnerable to a denial of service, caused by a heap-based buffer over-read in the repodata_schema2id function in repodata.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-9574](<https://vulners.com/cve/CVE-2016-9574>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a denial of service, caused by an error during the session handshake. A remote attacker could exploit this vulnerability using using SessionTicket extension and ECDHE-ECDSA to cause a denail of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3537](<https://vulners.com/cve/CVE-2021-3537>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-16932](<https://vulners.com/cve/CVE-2017-16932>) \n** DESCRIPTION: **Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust available memory on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7595](<https://vulners.com/cve/CVE-2020-7595>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175333](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175333>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36222](<https://vulners.com/cve/CVE-2021-36222>) \n** DESCRIPTION: **MIT Kerberos (aka krb5) is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206318](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206318>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11462](<https://vulners.com/cve/CVE-2017-11462>) \n** DESCRIPTION: **A double free vulnerability in MIT Kerberos 5 (aka krb5) has an unknown impact and attack vector involving automatic deletion of security contexts on error. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132060](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132060>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-28196](<https://vulners.com/cve/CVE-2020-28196>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an unbounded recursion flaw in lib/krb5/asn.1/asn1_encode.c. By sending a specially-crafted ASN.1-encoded Kerberos message, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-15671](<https://vulners.com/cve/CVE-2017-15671>) \n** DESCRIPTION: **GNU C Library is vulnerable to a denial of service, caused by a memory leak in the glob function in glob.c. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25219](<https://vulners.com/cve/CVE-2020-25219>) \n** DESCRIPTION: **libproxy is vulnerable to a denial of service, caused by an uncontrolled recursion in url::recvline in url.cpp. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause stack exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-9234](<https://vulners.com/cve/CVE-2018-9234>) \n** DESCRIPTION: **GnuPG could allow a remote attacker to bypass security restrictions, caused by the failure to enforce a configuration in which key certification requires an offline master Certify key. By sending a specially-crafted request, an attacker could exploit this vulnerability to sign the keys of others with only a signing subkey. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-20231](<https://vulners.com/cve/CVE-2021-20231>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client sending key_share extension. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198173](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198173>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-20232](<https://vulners.com/cve/CVE-2021-20232>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client_send_params in lib/ext/pre_shared_key.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-22947](<https://vulners.com/cve/CVE-2021-22947>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw when connecting to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209453](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209453>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-1752](<https://vulners.com/cve/CVE-2020-1752>) \n** DESCRIPTION: **GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free. By creating a specially crafted path, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19603](<https://vulners.com/cve/CVE-2019-19603>) \n** DESCRIPTION: **An error during handling of CREATE TABLE and CREATE VIEW statements in SQLite has an unknown impact via a specially crafted table name. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172765>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-14155](<https://vulners.com/cve/CVE-2020-14155>) \n** DESCRIPTION: **PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-24870](<https://vulners.com/cve/CVE-2020-24870>) \n** DESCRIPTION: **LibRaw is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ::identify_process_dng_fields. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203026](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203026>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10685](<https://vulners.com/cve/CVE-2017-10685>) \n** DESCRIPTION: **ncurses (new curses) library could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a format string in the fmt_entry function. By sending specially-crafted format string specifiers in the argument, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128176](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128176>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10684](<https://vulners.com/cve/CVE-2017-10684>) \n** DESCRIPTION: **ncurses (new curses) library is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the fmt_entry function. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128175](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128175>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6262](<https://vulners.com/cve/CVE-2016-6262>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by improper validation of input in idna.c. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6261](<https://vulners.com/cve/CVE-2016-6261>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read error in idna_to_ascii_4i function in idna.c. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115585](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115585>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8948](<https://vulners.com/cve/CVE-2015-8948>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read error. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-9586](<https://vulners.com/cve/CVE-2016-9586>) \n** DESCRIPTION: **cURL/libcurl is vulnerable to a buffer overflow, caused by improper boundary checks by the floating point conversion. By sending a specially crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-8619](<https://vulners.com/cve/CVE-2016-8619>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to execute arbitrary code on the system, caused by double-free error in the krb5 code. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-8618](<https://vulners.com/cve/CVE-2016-8618>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to execute arbitrary code on the system, caused by double-free error in the curl_maprintf() function on systems using 32 bit size_t variables. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-1951](<https://vulners.com/cve/CVE-2016-1951>) \n** DESCRIPTION: **Mozilla Netscape Portable Runtime (NSPR) is vulnerable to a buffer overflow, caused by multiple integer overflows in io/prprf.c. By sending an overly long string to a PR_*printf function, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-7501](<https://vulners.com/cve/CVE-2017-7501>) \n** DESCRIPTION: **rpm could allow a local attacker to launch a symlink attack, caused by the use of a temporary files with predictable names when installing an RPM. A local authenticated attacker could exploit this vulnerability by creating a symbolic link from a temporary file to arbitrary location, which could allow the attacker to modify content, gain elevated privileges on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-7500](<https://vulners.com/cve/CVE-2017-7500>) \n** DESCRIPTION: **rpm could allow a local attacker to launch a symlink attack, caused by the improper handling of RPM installations when a destination path was a symbolic link to a directory. A local authenticated attacker could exploit this vulnerability by creating a symbolic link from a temporary file to directories, which could allow the attacker to gain root privileges on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-16931](<https://vulners.com/cve/CVE-2017-16931>) \n** DESCRIPTION: **Xmlsoft libxml2 is vulnerable to a buffer overflow, caused by improper handling of parameter-entity references in xmlParserHandlePEReference function. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135488](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135488>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4492](<https://vulners.com/cve/CVE-2016-4492>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a write access violation on destination operand in the libiberty demangler. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116386](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116386>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4491](<https://vulners.com/cve/CVE-2016-4491>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a stack-based buffer overflow, caused by an infinite recursion in d_print_comp in the libiberty demangler library. By sending a specially crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116385](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116385>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4490](<https://vulners.com/cve/CVE-2016-4490>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a write access violation in cp-demangle.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116384>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4489](<https://vulners.com/cve/CVE-2016-4489>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the demangling of virtual tables in method gnu_special. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116383](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116383>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4488](<https://vulners.com/cve/CVE-2016-4488>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free to array ktypevec if the libiberty demangler is called with a certain class signature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4487](<https://vulners.com/cve/CVE-2016-4487>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free if the libiberty demangler is called with a certain class signature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116381](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116381>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-2226](<https://vulners.com/cve/CVE-2016-2226>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a buffer overflow, caused by an integer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the libiberty binary. By sending a specially crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-20218](<https://vulners.com/cve/CVE-2019-20218>) \n** DESCRIPTION: **An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173900](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173900>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10989](<https://vulners.com/cve/CVE-2017-10989>) \n** DESCRIPTION: **SQLite is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by getNodeSize function in ext/rtree/rtree.c. By using a specially-crafted database, a remote attacker could overflow a buffer and cause unspecified impacts on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-9169](<https://vulners.com/cve/CVE-2019-9169>) \n** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4429](<https://vulners.com/cve/CVE-2016-4429>) \n** DESCRIPTION: **GNU C Library (glibc or libc6) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clntudp_call function within sunrpc/clnt_udp.c. By sending specially-crafted ICMP and UDP packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114024>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8983](<https://vulners.com/cve/CVE-2015-8983>) \n** DESCRIPTION: **glibc is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the _IO_wstr_overflow function in libio/wstrops.c. A remote attacker could exploit the vulnerability to cause the application to crash or execute arbitrary code in the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8982](<https://vulners.com/cve/CVE-2015-8982>) \n** DESCRIPTION: **glibc is vulnerable to a stack-based buffer overflow, caused by an integer overflow, caused by an integer overflow in the strxfrm function function. By sending a specially crafted string, a remote attacker could exploit the vulnerability to cause the application to crash or execute arbitrary code in the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126597](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126597>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-28957](<https://vulners.com/cve/CVE-2021-28957>) \n** DESCRIPTION: **lxml is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the defs.py script. A remote attacker could exploit this vulnerability using the HTML action attribute to inject malicious script into a Web page which would be executed in a victim\u2019s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u2019s cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198515>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41182](<https://vulners.com/cve/CVE-2021-41182>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the altField parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41183](<https://vulners.com/cve/CVE-2021-41183>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the Text parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212276](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212276>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41184](<https://vulners.com/cve/CVE-2021-41184>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position() function. A remote attacker could exploit this vulnerability using the of parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212277](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212277>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-7774](<https://vulners.com/cve/CVE-2020-7774>) \n** DESCRIPTION: **Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23440](<https://vulners.com/cve/CVE-2021-23440>) \n** DESCRIPTION: **Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-22940](<https://vulners.com/cve/CVE-2021-22940>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2016-10540](<https://vulners.com/cve/CVE-2016-10540>) \n** DESCRIPTION: **Node.js minimatch module is vulnerable to a denial of service, caused by a flaw in the minimatch function. By using a specially-crafted value, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149140](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149140>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7768](<https://vulners.com/cve/CVE-2020-7768>) \n** DESCRIPTION: **Node.js grpc module is vulnerable to a denial of service, caused by a prototype pollution flaw by the loadPackageDefinition function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22930](<https://vulners.com/cve/CVE-2021-22930>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-28092](<https://vulners.com/cve/CVE-2021-28092>) \n** DESCRIPTION: **Node.js is-svg module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex string, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-32838](<https://vulners.com/cve/CVE-2021-32838>) \n** DESCRIPTION: **lask-RESTX is vulnerable to a denial of service, caused by a regular expression flaw in email_regex. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37714](<https://vulners.com/cve/CVE-2021-37714>) \n** DESCRIPTION: **jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the HTML and XML parser to get stuck, timeout, or throw unchecked exceptions resulting in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3795](<https://vulners.com/cve/CVE-2021-3795>) \n** DESCRIPTION: **semver-regex is vulnerable to a denial of service, caused by the inefficient regular expression complexity. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2008-3103](<https://vulners.com/cve/CVE-2008-3103>) \n** DESCRIPTION: **The Java Management Extensions (JMX) management agent included in the Sun Java Runtime Environment (JRE) could allow a remote attacker to bypass security restrictions, caused by an unspecified error. If local monitoring is enabled, a JMX client could exploit this vulnerability and perform unauthorized actions on a system running JMX. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43669>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-3109](<https://vulners.com/cve/CVE-2008-3109>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to gain unauthorized access to the system, caused by an error related to scripting language support. By persuading a victim to download an untrusted applet or application, a remote attacker could read and write local files or execute local applications that are accessible to the victim. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43660>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-5347](<https://vulners.com/cve/CVE-2008-5347>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow untrusted applets and applications to gain elevated privileges on the system, caused by multiple unspecified vulnerabilities regarding the JAX-WS and JAXB packages. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47068](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47068>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-35567](<https://vulners.com/cve/CVE-2021-35567>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2015-4041](<https://vulners.com/cve/CVE-2015-4041>) \n** DESCRIPTION: **coreutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the src/sort.c. By persuading a victim to run a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103307>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-42378](<https://vulners.com/cve/CVE-2021-42378>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern in the getvar_i function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213531>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42379](<https://vulners.com/cve/CVE-2021-42379>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the next_input_file function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42380](<https://vulners.com/cve/CVE-2021-42380>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the clrvar function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42381](<https://vulners.com/cve/CVE-2021-42381>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the hash_init function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42382](<https://vulners.com/cve/CVE-2021-42382>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the getvar_s function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213535](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213535>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42383](<https://vulners.com/cve/CVE-2021-42383>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the evaluate function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213536](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213536>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42384](<https://vulners.com/cve/CVE-2021-42384>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the handle_special function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213537](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213537>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42385](<https://vulners.com/cve/CVE-2021-42385>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the evaluate function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42386](<https://vulners.com/cve/CVE-2021-42386>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the nvalloc function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1799](<https://vulners.com/cve/CVE-2021-1799>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a port redirection issue in the WebRTC component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain access to restricted ports on arbitrary servers. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195887](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195887>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-1801](<https://vulners.com/cve/CVE-2021-1801>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to violate iframe sandboxing policy. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195886>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-22925](<https://vulners.com/cve/CVE-2021-22925>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain TELNET stack contents, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206051](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206051>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-7781](<https://vulners.com/cve/CVE-2017-7781>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an elliptic curve point addition error when using mixed Jacobian-affine coordinates. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to compute an incorrect shared secret. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130176](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130176>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-18508](<https://vulners.com/cve/CVE-2018-18508>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in several CMS functions. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the server to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-9074](<https://vulners.com/cve/CVE-2016-9074>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could provide weaker than expected security, caused by an insufficient mitigation of timing side-channel attacks. An attacker could exploit this vulnerability to gain launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118942](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118942>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-12399](<https://vulners.com/cve/CVE-2020-12399>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a timing timing attack when performing DSA signatures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to leak private keys and obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2015-8382](<https://vulners.com/cve/CVE-2015-8382>) \n** DESCRIPTION: **PCRE could allow a remote attacker to obtain sensitive information, caused by the mishandling of the pattern and related patterns involving (*ACCEPT) by the match function. An attacker could exploit this vulnerability using a specially crafted regular expression to obtain sensitive information or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-37750](<https://vulners.com/cve/CVE-2021-37750>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in kdc/do_tgs_req.c in the Key Distribution Center (KDC). By sending a specially-crafted FAST TGS request with no server field, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42374](<https://vulners.com/cve/CVE-2021-42374>) \n** DESCRIPTION: **BusyBox is vulnerable to a denial of service, caused by an out-of-bounds heap read in lzma/unlzma applet when specially crafted LZMA-compressed input is decompressed. A remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2021-22923](<https://vulners.com/cve/CVE-2021-22923>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper protection to user credentials by the metalink feature. By persuading a victim to connect a specially-crafted server, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3445](<https://vulners.com/cve/CVE-2021-3445>) \n** DESCRIPTION: **libdnf could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in signature verification functionality. By placing a signature in the main header, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-5827](<https://vulners.com/cve/CVE-2019-5827>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-7000](<https://vulners.com/cve/CVE-2017-7000>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by a pointer disclosure in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129419](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129419>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-7036](<https://vulners.com/cve/CVE-2015-7036>) \n** DESCRIPTION: **SQLite could allow a remote attacker to execute arbitrary code on the system, caused by a pointer error in the fts3_tokenizer function. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108154>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-28498](<https://vulners.com/cve/CVE-2020-28498>) \n** DESCRIPTION: **Node.js Elliptic module could allow a local attacker to obtain sensitive information, caused by a flaw in the secp256k1 implementation in elliptic/ec/key.js. By sending a specially-crafted request using a number of ECDH operations, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196053](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196053>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-36085](<https://vulners.com/cve/CVE-2021-36085>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36086](<https://vulners.com/cve/CVE-2021-36086>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in cil_reset_classpermission . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36087](<https://vulners.com/cve/CVE-2021-36087>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a heap-based buffer over-read in ebitmap_match_any. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-6004](<https://vulners.com/cve/CVE-2017-6004>) \n** DESCRIPTION: **Perl Compatible Regular Expressions (PCRE) is vulnerable to a denial of service, caused by a flaw in compile_bracket_matchingpath function in pcre_jit_compile.c. By supplying a specially-crafted regular expression, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/122097](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122097>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-9251](<https://vulners.com/cve/CVE-2015-9251>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10735](<https://vulners.com/cve/CVE-2016-10735>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155339](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155339>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-14041](<https://vulners.com/cve/CVE-2018-14041>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146467](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146467>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20676](<https://vulners.com/cve/CVE-2018-20676>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155338](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155338>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20677](<https://vulners.com/cve/CVE-2018-20677>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155337](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155337>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10219](<https://vulners.com/cve/CVE-2019-10219>) \n** DESCRIPTION: **Hibernate-Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SafeHtml validator annotation A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-11358](<https://vulners.com/cve/CVE-2019-11358>) \n** DESCRIPTION: **jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-8331](<https://vulners.com/cve/CVE-2019-8331>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<https://vulners.com/cve/CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11023](<https://vulners.com/cve/CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-26926](<https://vulners.com/cve/CVE-2021-26926>) \n** DESCRIPTION: **JasPer is vulnerable to a denial of service, caused by an out-of-bounds read by the jp2_decode function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to disclose information or cause the application to crash. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2021-30689](<https://vulners.com/cve/CVE-2021-30689>) \n** DESCRIPTION: **Apple iOS and iPadOS are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the WebKit. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-30744](<https://vulners.com/cve/CVE-2021-30744>) \n** DESCRIPTION: **Apple iOS and iPadOS are vulnerable to universal cross-site scripting, caused by improper validation of user-supplied input by the WebKit component. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202342](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202342>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7526](<https://vulners.com/cve/CVE-2017-7526>) \n** DESCRIPTION: **Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128271](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128271>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2008-1191](<https://vulners.com/cve/CVE-2008-1191>) \n** DESCRIPTION: **Sun Java Web Start in Sun JDK and JRE could allow a remote attacker to gain elevated privileges, caused by an unspecified vulnerability which allows an untrusted application to assign additional permissions to itself. An attacker could exploit this vulnerability and gain elevated privileges to create arbitrary files on the system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/41136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/41136>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-26691](<https://vulners.com/cve/CVE-2021-26691>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mod_session. By sending a specially crafted SessionHeader, a remote attacker could overflow a buffer and cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33560](<https://vulners.com/cve/CVE-2021-33560>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by improper handling of ElGamal encryption. By using side-channel attack techniques against mpi_powm, and the window size, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203266](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203266>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-35550](<https://vulners.com/cve/CVE-2021-35550>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-2779](<https://vulners.com/cve/CVE-2016-2779>) \n** DESCRIPTION: **util-linux could allow a local attacker to gain elevated privileges on the system, caused by an error when executing a program via \"runuser -u nonpriv program\". An attacker could exploit this vulnerability using the TIOCSTI ioctl to hijack the tty and gain elevated privileges on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-5218](<https://vulners.com/cve/CVE-2015-5218>) \n** DESCRIPTION: **util-linux is vulnerable to a buffer overflow, caused by improper bounds checking by the page parameter in the text-utils/colcrt.c script. By parsing specially-crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-2781](<https://vulners.com/cve/CVE-2016-2781>) \n** DESCRIPTION: **util-linux could allow a local attacker to gain elevated privileges on the system, caused by an error when executing a program via \"chroot --userspec=someuser:somegroup / /path/to/test\". An attacker could exploit this vulnerability using the TIOCSTI ioctl to hijack the tty and gain elevated privileges on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-1000100](<https://vulners.com/cve/CVE-2017-1000100>) \n** DESCRIPTION: **cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL processing error when doing a TFTP transfer. By redirecting a libcurl-using client request to a TFTP URL containing an overly long file name and tricking the server to send private memory contents, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130190>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22939](<https://vulners.com/cve/CVE-2021-22939>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207233](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207233>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-36159](<https://vulners.com/cve/CVE-2021-36159>) \n** DESCRIPTION: **libfetch could allow a remote attacker to obtain sensitive information, caused by the an out-of-bounds read flaw when handling numeric strings for the FTP and HTTP protocols. By sending a specially-crafted input, an attacker could exploit this vulnerability to obtain sensitive information, or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206715](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206715>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-7751](<https://vulners.com/cve/CVE-2020-7751>) \n** DESCRIPTION: **Pathval could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190564](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190564>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23358](<https://vulners.com/cve/CVE-2021-23358>) \n** DESCRIPTION: **Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the template function. By sending a specially-crafted argument using the variable property, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198958](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198958>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3711](<https://vulners.com/cve/CVE-2021-3711>) \n** DESCRIPTION: **OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208072](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208072>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-25014](<https://vulners.com/cve/CVE-2018-25014>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an uninitialized variable in function ReadSymbol. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18218](<https://vulners.com/cve/CVE-2019-18218>) \n** DESCRIPTION: **File is vulnerable to a heap-based buffer overflow, caused by improper improper bounds checking by the cdf_read_property_info function in cdf.c. By sending an overly large amount of CDF_VECTOR elements, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169693](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169693>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42574](<https://vulners.com/cve/CVE-2021-42574>) \n** DESCRIPTION: **Unicode could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the bidirectional algorithm in the unicode specification. By creating a malicious patch containing well placed BiDi characters, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: This vulnerability also affects Rust. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3115](<https://vulners.com/cve/CVE-2021-3115>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a command injection flaw when using the go get command to fetch modules that make use of cgo. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195678](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195678>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15088](<https://vulners.com/cve/CVE-2017-15088>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a buffer overflow, caused by improper bounds checking by the Distinguished Name (DN) fields in the get_matching_data and X509_NAME_oneline_ex functions. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2008-5352](<https://vulners.com/cve/CVE-2008-5352>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll). By persuading a victim to visit a malicious Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47062>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2008-5358](<https://vulners.com/cve/CVE-2008-5358>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to execute arbitrary code on the system, caused by an error when parsing GIF image files. By persuading a victim to visit a specially-crafted Web site containing a malicious GIF file, a remote attacker could corrupt memory during a splash screen display and execute arbitrary code on the system with the privileges of the victim. \nCVSS Base score: 9.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47049>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2018-25009](<https://vulners.com/cve/CVE-2018-25009>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202260](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202260>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25010](<https://vulners.com/cve/CVE-2018-25010>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ApplyFilter. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25012](<https://vulners.com/cve/CVE-2018-25012>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202258](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202258>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25013](<https://vulners.com/cve/CVE-2018-25013>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202257](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202257>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-36330](<https://vulners.com/cve/CVE-2020-36330>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ChunkVerifyAndAssign. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-36331](<https://vulners.com/cve/CVE-2020-36331>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ChunkAssignData. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202250](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202250>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-29921](<https://vulners.com/cve/CVE-2021-29921>) \n** DESCRIPTION: **Python is vulnerable to server-side request forgery, caused by improper input validation of octal strings in the stdlib ipaddress. By submitting a specially-crafted IP address to a web application, an attacker could exploit this vulnerability to conduct SSRF or local file include attacks. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201083](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201083>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-40438](<https://vulners.com/cve/CVE-2021-40438>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remote attacker could exploit this vulnerability to forward the request to an origin server chosen by the remote user. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13057](<https://vulners.com/cve/CVE-2019-13057>) \n** DESCRIPTION: **NetApp Data ONTAP operating in 7-Mode could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-28650](<https://vulners.com/cve/CVE-2021-28650>) \n** DESCRIPTION: **GNOME gnome-autoar could allow a remote attacker to traverse directories on the system, caused by the lack of a check of whether a file's parent is a symlink in certain complex situations in autoar-extractor.c. n attacker can exploit this vulnerability to modify, create, or delete arbitrary files on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2020-15719](<https://vulners.com/cve/CVE-2020-15719>) \n** DESCRIPTION: **libldap in certain third-party OpenLDAP packages is vulnerable to a man-in-the-middle attack, caused by a certificate-validation flaw when asserting RFC6125 support. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185628](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185628>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-20284](<https://vulners.com/cve/CVE-2021-20284>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3572](<https://vulners.com/cve/CVE-2021-3572>) \n** DESCRIPTION: **pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208954>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-42771](<https://vulners.com/cve/CVE-2021-42771>) \n** DESCRIPTION: **Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing \"dot dot\" sequences (/../) to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-0247](<https://vulners.com/cve/CVE-2015-0247>) \n** DESCRIPTION: **e2fsprogs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libext2fs library. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100740>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-3106](<https://vulners.com/cve/CVE-2008-3106>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to gain unauthorized access, caused by an error in XML data processing. By persuading a victim to download an untrusted applet or application, a remote attacker could gain unauthorized access to certain files and Web pages. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43658>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2008-3110](<https://vulners.com/cve/CVE-2008-3110>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to obtain sensitive information, caused by an error related to scripting language support. By persuading a victim to download an untrusted applet, a remote attacker could obtain information from another applet. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43661>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2008-5349](<https://vulners.com/cve/CVE-2008-5349>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an unspecified error while processing RSA public keys. A remote attacker could exploit this vulnerability using a specially-crafted RSA public key to consume all available CPU resources. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47064](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47064>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-2413](<https://vulners.com/cve/CVE-2014-2413>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92489>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2019-13750](<https://vulners.com/cve/CVE-2019-13750>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass defense-in-depth measures. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172986](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172986>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-13751](<https://vulners.com/cve/CVE-2019-13751>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by uninitialized use in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information from process memory. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172987>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-27291](<https://vulners.com/cve/CVE-2021-27291>) \n** DESCRIPTION: **pygments is vulnerable to a denial of service. By persuading a victim to open a specially-crafted ODIN file using the \"&lt;\" character, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS