The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
{"nessus": [{"lastseen": "2021-09-04T02:34:46", "description": "This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs encountered by Fedora users.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 24 : glibc (2016-b321728d74)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-B321728D74.NASL", "href": "https://www.tenable.com/plugins/nessus/92146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b321728d74.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92146);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\");\n script_xref(name:\"FEDORA\", value:\"2016-b321728d74\");\n\n script_name(english:\"Fedora 24 : glibc (2016-b321728d74)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains minor security fixes (for CVE-2016-3075,\nCVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs\nencountered by Fedora users.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b321728d74\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"glibc-2.23.1-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-04T02:34:00", "description": "This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854)\n\n - Remove mtrace.1, now included in the man-pages package.\n (bsc#967190)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-2016-852)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-852.NASL", "href": "https://www.tenable.com/plugins/nessus/91987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-852.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91987);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-4429\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-2016-852)\");\n script_summary(english:\"Check for the openSUSE-2016-852 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429,\n bsc#980854)\n\n - Remove mtrace.1, now included in the man-pages package.\n (bsc#967190)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980854\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-debugsource-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-devel-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-devel-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-devel-static-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-extra-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-extra-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-html-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-i18ndata-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-info-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-locale-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-locale-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-obsolete-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-obsolete-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-profile-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-utils-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-utils-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"glibc-utils-debugsource-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nscd-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nscd-debuginfo-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.19-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.19-22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-04T02:30:43", "description": "This update for glibc fixes the following issues :\n\n - Drop old fix that could break services that start before IPv6 is up. (bsc#931399)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302)\n\n - Fix nscd assertion failure in gc. (bsc#965699)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-html", "p-cpe:/a:novell:suse_linux:glibc-i18ndata", "p-cpe:/a:novell:suse_linux:glibc-info", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2156-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2156-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93309);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-4429\");\n\n script_name(english:\"SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glibc fixes the following issues :\n\n - Drop old fix that could break services that start before\n IPv6 is up. (bsc#931399)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Relocate DSOs in dependency order, fixing a potential\n crash during symbol relocation phase. (bsc#986302)\n\n - Fix nscd assertion failure in gc. (bsc#965699)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429,\n bsc#980854)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1234/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4429/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162156-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e736d9c3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-glibc-12712=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-glibc-12712=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-glibc-12712=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-devel-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-locale-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"glibc-profile-32bit-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-devel-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-html-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-i18ndata-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-info-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-locale-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"glibc-profile-2.11.3-17.102.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"nscd-2.11.3-17.102.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-04T02:32:34", "description": "This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-debugsource", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "p-cpe:/a:novell:suse_linux:nscd-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1721-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93173);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-4429\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call (CVE-2016-4429,\n bsc#980854)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1234/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4429/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161721-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d392d81d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-1015=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-1015=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-1015=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debugsource-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-profile-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nscd-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nscd-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-devel-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-locale-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"glibc-profile-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-debugsource-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"nscd-2.19-22.16.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"nscd-debuginfo-2.19-22.16.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:56:45", "description": "Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc :\n\nCVE-2016-1234\n\nAlexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name.\n\nCVE-2016-3075\n\nThe getnetbyname implementation in nss_dns was susceptible to a stack overflow and a crash if it was invoked on a very long name.\n\nCVE-2016-3706\n\nMichael Petlan reported that getaddrinfo copied large amounts of address data to the stack, possibly leading to a stack overflow. This complements the fix for CVE-2013-4458.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.13-38+deb7u11.\n\nWe recommend you to upgrade your eglibc packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-05-31T00:00:00", "type": "nessus", "title": "Debian DLA-494-1 : eglibc security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:eglibc-source", "p-cpe:/a:debian:debian_linux:glibc-doc", "p-cpe:/a:debian:debian_linux:libc-bin", "p-cpe:/a:debian:debian_linux:libc-dev-bin", "p-cpe:/a:debian:debian_linux:libc0.1", "p-cpe:/a:debian:debian_linux:libc0.1-dbg", "p-cpe:/a:debian:debian_linux:libc0.1-dev", "p-cpe:/a:debian:debian_linux:libc0.1-dev-i386", "p-cpe:/a:debian:debian_linux:libc0.1-i386", "p-cpe:/a:debian:debian_linux:libc0.1-i686", "p-cpe:/a:debian:debian_linux:libc0.1-pic", "p-cpe:/a:debian:debian_linux:libc0.1-prof", "p-cpe:/a:debian:debian_linux:libc6", "p-cpe:/a:debian:debian_linux:libc6-amd64", "p-cpe:/a:debian:debian_linux:libc6-dbg", "p-cpe:/a:debian:debian_linux:libc6-dev", "p-cpe:/a:debian:debian_linux:libc6-dev-amd64", "p-cpe:/a:debian:debian_linux:libc6-dev-i386", "p-cpe:/a:debian:debian_linux:libc6-dev-mips64", "p-cpe:/a:debian:debian_linux:libc6-dev-mipsn32", "p-cpe:/a:debian:debian_linux:libc6-dev-ppc64", "p-cpe:/a:debian:debian_linux:libc6-dev-s390", "p-cpe:/a:debian:debian_linux:libc6-dev-s390x", "p-cpe:/a:debian:debian_linux:libc6-dev-sparc64", "p-cpe:/a:debian:debian_linux:libc6-i386", "p-cpe:/a:debian:debian_linux:libc6-i686", "p-cpe:/a:debian:debian_linux:libc6-loongson2f", "p-cpe:/a:debian:debian_linux:libc6-mips64", "p-cpe:/a:debian:debian_linux:libc6-mipsn32", "p-cpe:/a:debian:debian_linux:libc6-pic", "p-cpe:/a:debian:debian_linux:libc6-ppc64", "p-cpe:/a:debian:debian_linux:libc6-prof", "p-cpe:/a:debian:debian_linux:libc6-s390", "p-cpe:/a:debian:debian_linux:libc6-s390x", "p-cpe:/a:debian:debian_linux:libc6-sparc64", "p-cpe:/a:debian:debian_linux:libc6-xen", "p-cpe:/a:debian:debian_linux:libc6.1", "p-cpe:/a:debian:debian_linux:libc6.1-dbg", "p-cpe:/a:debian:debian_linux:libc6.1-dev", "p-cpe:/a:debian:debian_linux:libc6.1-pic", "p-cpe:/a:debian:debian_linux:libc6.1-prof", "p-cpe:/a:debian:debian_linux:locales", "p-cpe:/a:debian:debian_linux:locales-all", "p-cpe:/a:debian:debian_linux:multiarch-support", "p-cpe:/a:debian:debian_linux:nscd", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-494.NASL", "href": "https://www.tenable.com/plugins/nessus/91361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-494-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91361);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\");\n\n script_name(english:\"Debian DLA-494-1 : eglibc security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been fixed in the Debian GNU C Library,\neglibc :\n\nCVE-2016-1234\n\nAlexander Cherepanov discovered that the glibc's glob implementation\nsuffered from a stack-based buffer overflow when it was called with\nthe GLOB_ALTDIRFUNC flag and encountered a long file name.\n\nCVE-2016-3075\n\nThe getnetbyname implementation in nss_dns was susceptible to a stack\noverflow and a crash if it was invoked on a very long name.\n\nCVE-2016-3706\n\nMichael Petlan reported that getaddrinfo copied large amounts of\naddress data to the stack, possibly leading to a stack overflow. This\ncomplements the fix for CVE-2013-4458.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.13-38+deb7u11.\n\nWe recommend you to upgrade your eglibc packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/eglibc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eglibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:glibc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc0.1-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-mips64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-mipsn32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-dev-sparc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-loongson2f\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-mips64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-mipsn32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-sparc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6.1-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libc6.1-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multiarch-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"eglibc-source\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"glibc-doc\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-bin\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc-dev-bin\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dbg\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dev\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-dev-i386\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i386\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-i686\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-pic\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc0.1-prof\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-amd64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dbg\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-amd64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-i386\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mips64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-mipsn32\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-ppc64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-s390x\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-dev-sparc64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i386\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-i686\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-loongson2f\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mips64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-mipsn32\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-pic\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-ppc64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-prof\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-s390x\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-sparc64\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6-xen\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-dbg\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-dev\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-pic\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libc6.1-prof\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"locales-all\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"multiarch-support\", reference:\"2.13-38+deb7u11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"nscd\", reference:\"2.13-38+deb7u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:17:49", "description": "An update of the glibc package has been released.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Glibc PHSA-2017-0013", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2022-01-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glibc", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0013_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/121682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0013. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121682);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/27\");\n\n script_cve_id(\n \"CVE-2016-1234\",\n \"CVE-2016-3075\",\n \"CVE-2016-3706\",\n \"CVE-2016-4429\"\n );\n\n script_name(english:\"Photon OS 1.0: Glibc PHSA-2017-0013\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glibc package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-37.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3706\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-devel-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-devel-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-devel-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-devel-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-lang-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-lang-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-lang-2.22-10.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"glibc-lang-2.22-10.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-04T02:32:48", "description": "This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854)\n\n - Remove mtrace.1, now included in the man-pages package.\n (bsc#967190)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:glibc", "p-cpe:/a:novell:suse_linux:glibc-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-debugsource", "p-cpe:/a:novell:suse_linux:glibc-devel", "p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-locale", "p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo", "p-cpe:/a:novell:suse_linux:glibc-profile", "p-cpe:/a:novell:suse_linux:nscd", "p-cpe:/a:novell:suse_linux:nscd-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1733-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1733-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93175);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-4429\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for glibc provides the following fixes :\n\n - Increase DTV_SURPLUS limit. (bsc#968787)\n\n - Do not copy d_name field of struct dirent.\n (CVE-2016-1234, bsc#969727)\n\n - Fix memory leak in _nss_dns_gethostbyname4_r.\n (bsc#973010)\n\n - Fix stack overflow in _nss_dns_getnetbyname_r.\n (CVE-2016-3075, bsc#973164)\n\n - Fix malloc performance regression from SLE 11.\n (bsc#975930)\n\n - Fix getaddrinfo stack overflow in hostent conversion.\n (CVE-2016-3706, bsc#980483)\n\n - Do not use alloca in clntudp_call. (CVE-2016-4429,\n bsc#980854)\n\n - Remove mtrace.1, now included in the man-pages package.\n (bsc#967190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1234/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3075/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4429/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161733-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc46cc7a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1021=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1021=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1021=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-debugsource-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-devel-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-devel-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-locale-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-locale-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-profile-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"nscd-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"nscd-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-devel-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-devel-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-locale-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-locale-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"glibc-profile-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-debugsource-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"nscd-2.19-38.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"nscd-debuginfo-2.19-38.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-04T02:35:04", "description": "This update for glibc fixes the following issues :\n\n - glob-altdirfunc.patch: Do not copy d_name field of struct dirent (CVE-2016-1234, boo#969727, BZ #19779)\n\n - nss-dns-memleak-2.patch: fix memory leak in\n _nss_dns_gethostbyname4_r (boo#973010)\n\n - nss-dns-getnetbyname.patch: fix stack overflow in\n _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879)\n\n - getaddrinfo-hostent-conv-stack-overflow.patch:\n getaddrinfo stack overflow in hostent conversion (CVE-2016-3706, boo#980483, BZ #20010)\n\n - clntudp-call-alloca.patch: do not use alloca in clntudp_call (CVE-2016-4429, boo#980854, BZ #20112)", "cvss3": {"score": null, "vector": null}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : glibc (openSUSE-2016-699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:glibc", "p-cpe:/a:novell:opensuse:glibc-32bit", "p-cpe:/a:novell:opensuse:glibc-debuginfo", "p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-debugsource", "p-cpe:/a:novell:opensuse:glibc-devel", "p-cpe:/a:novell:opensuse:glibc-devel-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo", "p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-devel-static", "p-cpe:/a:novell:opensuse:glibc-devel-static-32bit", "p-cpe:/a:novell:opensuse:glibc-extra", "p-cpe:/a:novell:opensuse:glibc-extra-debuginfo", "p-cpe:/a:novell:opensuse:glibc-html", "p-cpe:/a:novell:opensuse:glibc-i18ndata", "p-cpe:/a:novell:opensuse:glibc-info", "p-cpe:/a:novell:opensuse:glibc-locale", "p-cpe:/a:novell:opensuse:glibc-locale-32bit", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo", "p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-obsolete", "p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo", "p-cpe:/a:novell:opensuse:glibc-profile", "p-cpe:/a:novell:opensuse:glibc-profile-32bit", "p-cpe:/a:novell:opensuse:glibc-utils", "p-cpe:/a:novell:opensuse:glibc-utils-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo", "p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit", "p-cpe:/a:novell:opensuse:glibc-utils-debugsource", "p-cpe:/a:novell:opensuse:nscd", "p-cpe:/a:novell:opensuse:nscd-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-699.NASL", "href": "https://www.tenable.com/plugins/nessus/91534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-699.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91534);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-4429\");\n\n script_name(english:\"openSUSE Security Update : glibc (openSUSE-2016-699)\");\n script_summary(english:\"Check for the openSUSE-2016-699 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for glibc fixes the following issues :\n\n - glob-altdirfunc.patch: Do not copy d_name field of\n struct dirent (CVE-2016-1234, boo#969727, BZ #19779)\n\n - nss-dns-memleak-2.patch: fix memory leak in\n _nss_dns_gethostbyname4_r (boo#973010)\n\n - nss-dns-getnetbyname.patch: fix stack overflow in\n _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ\n #19879)\n\n - getaddrinfo-hostent-conv-stack-overflow.patch:\n getaddrinfo stack overflow in hostent conversion\n (CVE-2016-3706, boo#980483, BZ #20010)\n\n - clntudp-call-alloca.patch: do not use alloca in\n clntudp_call (CVE-2016-4429, boo#980854, BZ #20112)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980854\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-i18ndata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-profile-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:glibc-utils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nscd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, \"Temporarily disabled.\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-debugsource-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-devel-static-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-extra-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-extra-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-html-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-i18ndata-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-info-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-locale-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-locale-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-obsolete-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-obsolete-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-profile-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"glibc-utils-debugsource-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nscd-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nscd-debuginfo-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-debugsource-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-devel-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-devel-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-devel-static-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-locale-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-locale-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"glibc-profile-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-debuginfo-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-debugsource-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-debuginfo-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-static-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-devel-static-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-locale-debuginfo-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-profile-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-profile-32bit-2.19-16.25.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-utils-32bit-2.19-16.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"glibc-utils-debuginfo-32bit-2.19-16.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:19", "description": "This update addresses a minor security bug (CVE-2016-3706) and works around a bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are included as well.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 23 : glibc (2016-b0e67c88b5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3706"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-B0E67C88B5.NASL", "href": "https://www.tenable.com/plugins/nessus/92144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b0e67c88b5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92144);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-3706\");\n script_xref(name:\"FEDORA\", value:\"2016-b0e67c88b5\");\n\n script_name(english:\"Fedora 23 : glibc (2016-b0e67c88b5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a minor security bug (CVE-2016-3706) and works\naround a bug in Address Sanitizer (ASAN) which would cause\nASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23\n(Fedora#1335011). Locale updates are included as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0e67c88b5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"glibc-2.22-16.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:26:58", "description": "An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2016-1234", "CVE-2016-1546", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-6313", "CVE-2016-6318"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:cracklib", "p-cpe:/a:vmware:photonos:glibc", "p-cpe:/a:vmware:photonos:httpd", "p-cpe:/a:vmware:photonos:libevent", "p-cpe:/a:vmware:photonos:libgcrypt", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0013.NASL", "href": "https://www.tenable.com/plugins/nessus/111862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0013. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111862);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2016-1234\",\n \"CVE-2016-1546\",\n \"CVE-2016-3075\",\n \"CVE-2016-3706\",\n \"CVE-2016-4429\",\n \"CVE-2016-6313\",\n \"CVE-2016-6318\",\n \"CVE-2016-10195\",\n \"CVE-2016-10196\",\n \"CVE-2016-10197\"\n );\n\n script_name(english:\"Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for\nPhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-37\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5405b83\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4429\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:cracklib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libgcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"cracklib-2.9.6-3.ph1\",\n \"cracklib-debuginfo-2.9.6-3.ph1\",\n \"cracklib-devel-2.9.6-3.ph1\",\n \"cracklib-dicts-2.9.6-3.ph1\",\n \"cracklib-lang-2.9.6-3.ph1\",\n \"cracklib-python-2.9.6-3.ph1\",\n \"glibc-2.22-10.ph1\",\n \"glibc-devel-2.22-10.ph1\",\n \"glibc-lang-2.22-10.ph1\",\n \"httpd-2.4.25-2.ph1\",\n \"httpd-debuginfo-2.4.25-2.ph1\",\n \"httpd-devel-2.4.25-2.ph1\",\n \"httpd-docs-2.4.25-2.ph1\",\n \"httpd-tools-2.4.25-2.ph1\",\n \"libevent-2.1.8-1.ph1\",\n \"libevent-debuginfo-2.1.8-1.ph1\",\n \"libevent-devel-2.1.8-1.ph1\",\n \"libgcrypt-1.7.6-1.ph1\",\n \"libgcrypt-debuginfo-1.7.6-1.ph1\",\n \"libgcrypt-devel-1.7.6-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cracklib / glibc / httpd / libevent / libgcrypt\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-07T23:48:14", "description": "According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234"], "modified": "2021-09-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1069.NASL", "href": "https://www.tenable.com/plugins/nessus/145145", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145145);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/07\");\n\n script_cve_id(\n \"CVE-2016-1234\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1069)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glibc packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in the glob implementation\n in GNU C Library (aka glibc) before 2.24, when\n GLOB_ALTDIRFUNC is used, allows context-dependent\n attackers to cause a denial of service (crash) via a\n long name.(CVE-2016-1234)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1069\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bcd61238\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-196.h39\",\n \"glibc-common-2.17-196.h39\",\n \"glibc-devel-2.17-196.h39\",\n \"glibc-headers-2.17-196.h39\",\n \"glibc-static-2.17-196.h39\",\n \"glibc-utils-2.17-196.h39\",\n \"nscd-2.17-196.h39\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:59", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2016:2573)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2573.NASL", "href": "https://www.tenable.com/plugins/nessus/95320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2573 and \n# CentOS Errata and Security Advisory 2016:2573 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95320);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-3075\");\n script_xref(name:\"RHSA\", value:\"2016:2573\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2016:2573)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a\nprivileged or network-facing service that would attempt to resolve\nuser-provided network names, an attacker could provide an excessively\nlong network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46fa8a62\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3075\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nscd-2.17-157.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "Security Fix(es) :\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user- provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95840);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-3075\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch\n configured to include 'networks: dns' with a privileged\n or network-facing service that would attempt to resolve\n user- provided network names, an attacker could provide\n an excessively long network name, resulting in stack\n corruption and code execution. (CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=13916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7571c93\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-debuginfo-common-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nscd-2.17-157.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:36:51", "description": "According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r.On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/99833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99833);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-3075\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : glibc (EulerOS-SA-2016-1073)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the glibc packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r.On systems with nsswitch\n configured to include 'networks: dns' with a privileged\n or network-facing service that would attempt to resolve\n user-provided network names, an attacker could provide\n an excessively long network name, resulting in stack\n corruption and code execution.(CVE-2016-3075)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1073\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?384a1aed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h5\",\n \"glibc-common-2.17-111.h5\",\n \"glibc-devel-2.17-111.h5\",\n \"glibc-headers-2.17-111.h5\",\n \"glibc-static-2.17-111.h5\",\n \"glibc-utils-2.17-111.h5\",\n \"nscd-2.17-111.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:13:37", "description": "A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-02-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2017-792)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:glibc", "p-cpe:/a:amazon:linux:glibc-common", "p-cpe:/a:amazon:linux:glibc-debuginfo", "p-cpe:/a:amazon:linux:glibc-debuginfo-common", "p-cpe:/a:amazon:linux:glibc-devel", "p-cpe:/a:amazon:linux:glibc-headers", "p-cpe:/a:amazon:linux:glibc-static", "p-cpe:/a:amazon:linux:glibc-utils", "p-cpe:/a:amazon:linux:nscd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-792.NASL", "href": "https://www.tenable.com/plugins/nessus/97022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-792.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97022);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-3075\");\n script_xref(name:\"ALAS\", value:\"2017-792\");\n\n script_name(english:\"Amazon Linux AMI : glibc (ALAS-2017-792)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a\nprivileged or network-facing service that would attempt to resolve\nuser-provided network names, an attacker could provide an excessively\nlong network name, resulting in stack corruption and code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-792.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update glibc' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"glibc-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-common-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-debuginfo-common-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-devel-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-headers-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-static-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"glibc-utils-2.17-157.169.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nscd-2.17-157.169.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:43", "description": "From Red Hat Security Advisory 2016:2573 :\n\nAn update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2016-2573)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2573.NASL", "href": "https://www.tenable.com/plugins/nessus/94696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2573 and \n# Oracle Linux Security Advisory ELSA-2016-2573 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94696);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-3075\");\n script_xref(name:\"RHSA\", value:\"2016:2573\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2016-2573)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2573 :\n\nAn update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a\nprivileged or network-facing service that would attempt to resolve\nuser-provided network names, an attacker could provide an excessively\nlong network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006465.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected glibc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-devel-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-static-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-157.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nscd-2.17-157.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:20", "description": "An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2016:2573)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2573.NASL", "href": "https://www.tenable.com/plugins/nessus/94536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2573. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94536);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-3075\");\n script_xref(name:\"RHSA\", value:\"2016:2573\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2016:2573)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for glibc is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX\nthread libraries (libpthread), standard math libraries (libm), and the\nname service cache daemon (nscd) used by multiple programs on the\nsystem. Without these libraries, the Linux system cannot function\ncorrectly.\n\nSecurity Fix(es) :\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.\nOn systems with nsswitch configured to include 'networks: dns' with a\nprivileged or network-facing service that would attempt to resolve\nuser-provided network names, an attacker could provide an excessively\nlong network name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3075\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2573\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-common-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-common-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-debuginfo-common-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-devel-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-headers-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-headers-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"glibc-static-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"glibc-utils-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"glibc-utils-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nscd-2.17-157.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nscd-2.17-157.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:42:05", "description": "This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes for bugs encountered by Fedora users.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9761", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-1234", "CVE-2016-3075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:glibc", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-68ABC0BE35.NASL", "href": "https://www.tenable.com/plugins/nessus/91063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-68abc0be35.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91063);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9761\", \"CVE-2015-8776\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-1234\", \"CVE-2016-3075\");\n script_xref(name:\"FEDORA\", value:\"2016-68abc0be35\");\n\n script_name(english:\"Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains minor security fixes (for CVE-2016-3075,\nCVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761,\nCVE-2015-8779) and collects fixes for bugs encountered by Fedora\nusers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1293139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1307234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1313404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1315648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1316972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1321372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1321861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1321954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1332912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1332914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1332917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1333901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1333940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1333945\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5fd1005\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glibc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"glibc-2.22-15.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:42", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-12-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : glibc vulnerability (K06493172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2016-3706"], "modified": "2020-03-27T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL06493172.NASL", "href": "https://www.tenable.com/plugins/nessus/119732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K06493172.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119732);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/27\");\n\n script_cve_id(\"CVE-2013-4458\", \"CVE-2016-3706\");\n script_bugtraq_id(63299);\n\n script_name(english:\"F5 Networks BIG-IP : glibc vulnerability (K06493172)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)\nallows remote attackers to cause a denial of service (crash) via\nvectors involving hostent conversion. NOTE: this vulnerability exists\nbecause of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K06493172\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K06493172.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K06493172\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.1\",\"12.0.0-12.1.3\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:37:33", "description": "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error.\n\nIt was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.\nAn attacker could use this to cause a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)\n\nMichael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.\nAn attacker could use this to cause a denial of service.\n(CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-24T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3239-3.NASL", "href": "https://www.tenable.com/plugins/nessus/97936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3239-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97936);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\", \"CVE-2016-1234\", \"CVE-2016-3706\", \"CVE-2016-4429\", \"CVE-2016-5417\", \"CVE-2016-6323\");\n script_xref(name:\"USN\", value:\"3239-3\");\n\n script_name(english:\"Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,\nthe fix for CVE-2016-3706 introduced a regression that in some\ncircumstances prevented IPv6 addresses from resolving. This update\nreverts the change in Ubuntu 12.04 LTS. We apologize for the error.\n\nIt was discovered that the GNU C Library incorrectly handled the\nstrxfrm() function. An attacker could use this issue to cause a denial\nof service or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An\nattacker could use this to cause a denial of service or\npossibly execute arbitrary code. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C\nLibrary did not properly handle certain malformed patterns.\nAn attacker could use this to cause a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer\noverflow in the glob implementation of the GNU C Library. An\nattacker could use this to specially craft a directory\nlayout and cause a denial of service. (CVE-2016-1234)\n\nMichael Petlan discovered an unbounded stack allocation in\nthe getaddrinfo() function of the GNU C Library. An attacker\ncould use this to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in\nthe sunrpc implementation in the GNU C Library. An attacker\ncould use this to cause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation\nin the GNU C Library did not properly track memory\nallocations. An attacker could use this to cause a denial of\nservice. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM\n32-bit platforms did not properly set up execution contexts.\nAn attacker could use this to cause a denial of service.\n(CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3239-3/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.18\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T13:28:32", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2017-12132"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1844.NASL", "href": "https://www.tenable.com/plugins/nessus/128896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128896);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2017-12132\");\n\n script_name(english:\"EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1844)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the glob implementation\n in GNU C Library (aka glibc) before 2.24, when\n GLOB_ALTDIRFUNC is used, allows context-dependent\n attackers to cause a denial of service (crash) via a\n long name.(CVE-2016-1234)\n\n - The DNS stub resolver in the GNU C Library (aka glibc\n or libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation.(CVE-2017-12132)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1844\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7877c9cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h37\",\n \"glibc-common-2.17-111.h37\",\n \"glibc-devel-2.17-111.h37\",\n \"glibc-headers-2.17-111.h37\",\n \"glibc-static-2.17-111.h37\",\n \"glibc-utils-2.17-111.h37\",\n \"nscd-2.17-111.h37\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:37:53", "description": "The remote host is affected by the vulnerability described in GLSA-201702-11 (GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information, or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "GLSA-201702-11 : GNU C Library: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9761", "CVE-2015-5277", "CVE-2015-8776", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-1234", "CVE-2016-3075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:glibc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201702-11.NASL", "href": "https://www.tenable.com/plugins/nessus/97254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201702-11.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97254);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9761\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2015-8777\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-1234\", \"CVE-2016-3075\");\n script_xref(name:\"GLSA\", value:\"201702-11\");\n\n script_name(english:\"GLSA-201702-11 : GNU C Library: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201702-11\n(GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could possibly execute arbitrary code with\n the privileges of the process, disclose sensitive information, or cause a\n Denial of Service condition via multiple vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201702-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU C Library users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.23-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-libs/glibc\", unaffected:make_list(\"ge 2.23-r3\"), vulnerable:make_list(\"lt 2.23-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU C Library\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:31", "description": "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience.\n\nPlease note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again.\n\nIt was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns.\nAn attacker could use this to cause a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts.\nAn attacker could use this to cause a denial of service.\n(CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-22T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5180", "CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3239-2.NASL", "href": "https://www.tenable.com/plugins/nessus/97887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3239-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97887);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-5180\", \"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\", \"CVE-2016-1234\", \"CVE-2016-3706\", \"CVE-2016-4429\", \"CVE-2016-5417\", \"CVE-2016-6323\");\n script_xref(name:\"USN\", value:\"3239-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,\nthe fix for CVE-2015-5180 introduced an internal ABI change within the\nresolver library. This update reverts the change. We apologize for the\ninconvenience.\n\nPlease note that long-running services that were restarted to\ncompensate for the USN-3239-1 update may need to be restarted again.\n\nIt was discovered that the GNU C Library incorrectly handled the\nstrxfrm() function. An attacker could use this issue to cause a denial\nof service or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An\nattacker could use this to cause a denial of service or\npossibly execute arbitrary code. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C\nLibrary did not properly handle certain malformed patterns.\nAn attacker could use this to cause a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer\noverflow in the glob implementation of the GNU C Library. An\nattacker could use this to specially craft a directory\nlayout and cause a denial of service. (CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the\nDNS resolver of the GNU C Library. An attacker could use\nthis to cause a denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in\nthe getaddrinfo() function of the GNU C Library. An attacker\ncould use this to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in\nthe sunrpc implementation in the GNU C Library. An attacker\ncould use this to cause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation\nin the GNU C Library did not properly track memory\nallocations. An attacker could use this to cause a denial of\nservice. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM\n32-bit platforms did not properly set up execution contexts.\nAn attacker could use this to cause a denial of service.\n(CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3239-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.11\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libc6\", pkgver:\"2.23-0ubuntu7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:48", "description": "It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service.\n(CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-21T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5180", "CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3239-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97856", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3239-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97856);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2015-5180\", \"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\", \"CVE-2016-1234\", \"CVE-2016-3706\", \"CVE-2016-4429\", \"CVE-2016-5417\", \"CVE-2016-6323\");\n script_xref(name:\"USN\", value:\"3239-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the GNU C Library incorrectly handled the\nstrxfrm() function. An attacker could use this issue to cause a denial\nof service or possibly execute arbitrary code. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library did\nnot properly handle certain malformed patterns. An attacker could use\nthis to cause a denial of service. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the\nglob implementation of the GNU C Library. An attacker could use this\nto specially craft a directory layout and cause a denial of service.\n(CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS\nresolver of the GNU C Library. An attacker could use this to cause a\ndenial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the\ngetaddrinfo() function of the GNU C Library. An attacker could use\nthis to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc\nimplementation in the GNU C Library. An attacker could use this to\ncause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the\nGNU C Library did not properly track memory allocations. An attacker\ncould use this to cause a denial of service. This issue only affected\nUbuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit\nplatforms did not properly set up execution contexts. An attacker\ncould use this to cause a denial of service. (CVE-2016-6323).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3239-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected libc6 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libc6\", pkgver:\"2.23-0ubuntu6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-19T17:11:42", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739)\n\n - Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)\n\n - Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10739", "CVE-2016-1234", "CVE-2017-12133"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2155.NASL", "href": "https://www.tenable.com/plugins/nessus/130864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130864);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2016-1234\", \"CVE-2016-10739\", \"CVE-2017-12133\");\n\n script_name(english:\"EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28,\n the getaddrinfo function would successfully parse a\n string that contained an IPv4 address followed by\n whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a\n valid string, without the possibility of embedded HTTP\n headers or other potentially dangerous\n substrings.(CVE-2016-10739)\n\n - Use-after-free vulnerability in the clntudp_call\n function in sunrpc/clnt_udp.c in the GNU C Library (aka\n glibc or libc6) before 2.26 allows remote attackers to\n have unspecified impact via vectors related to error\n path.(CVE-2017-12133)\n\n - Stack-based buffer overflow in the glob implementation\n in GNU C Library (aka glibc) before 2.24, when\n GLOB_ALTDIRFUNC is used, allows context-dependent\n attackers to cause a denial of service (crash) via a\n long name.(CVE-2016-1234)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2155\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af494edc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-12133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h23.eulerosv2r7\",\n \"glibc-common-2.17-222.h23.eulerosv2r7\",\n \"glibc-devel-2.17-222.h23.eulerosv2r7\",\n \"glibc-headers-2.17-222.h23.eulerosv2r7\",\n \"glibc-static-2.17-222.h23.eulerosv2r7\",\n \"glibc-utils-2.17-222.h23.eulerosv2r7\",\n \"nscd-2.17-222.h23.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:56:00", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r.On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2016-3075", "CVE-2018-11236"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1344.NASL", "href": "https://www.tenable.com/plugins/nessus/118432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118432);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\"CVE-2014-9402\", \"CVE-2016-3075\", \"CVE-2018-11236\");\n script_bugtraq_id(71670);\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r.On systems with nsswitch\n configured to include 'networks: dns' with a privileged\n or network-facing service that would attempt to resolve\n user-provided network names, an attacker could provide\n an excessively long network name, resulting in stack\n corruption and code execution.(CVE-2016-3075)\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc\n or libc6) 2.27 and earlier, when processing very long\n pathname arguments to the realpath function, could\n encounter an integer overflow on 32-bit architectures,\n leading to a stack-based buffer overflow and,\n potentially, arbitrary code execution.(CVE-2018-11236)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1344\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?150706e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11236\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h12\",\n \"glibc-common-2.17-111.h12\",\n \"glibc-devel-2.17-111.h12\",\n \"glibc-headers-2.17-111.h12\",\n \"nscd-2.17-111.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T13:45:45", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739)\n\n - Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\n - Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.(CVE-2018-20796)\n\n - ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2020-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10739", "CVE-2016-1234", "CVE-2017-12133", "CVE-2018-20796", "CVE-2019-9192"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1478.NASL", "href": "https://www.tenable.com/plugins/nessus/135640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135640);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2016-1234\",\n \"CVE-2016-10739\",\n \"CVE-2017-12133\",\n \"CVE-2018-20796\",\n \"CVE-2019-9192\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2020-1478)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In the GNU C Library (aka glibc or libc6) through 2.28,\n the getaddrinfo function would successfully parse a\n string that contained an IPv4 address followed by\n whitespace and arbitrary characters, which could lead\n applications to incorrectly assume that it had parsed a\n valid string, without the possibility of embedded HTTP\n headers or other potentially dangerous\n substrings.(CVE-2016-10739)\n\n - Stack-based buffer overflow in the glob implementation\n in GNU C Library (aka glibc) before 2.24, when\n GLOB_ALTDIRFUNC is used, allows context-dependent\n attackers to cause a denial of service (crash) via a\n long name.(CVE-2016-1234)\n\n - Use-after-free vulnerability in the clntudp_call\n function in sunrpc/clnt_udp.c in the GNU C Library (aka\n glibc or libc6) before 2.26 allows remote attackers to\n have unspecified impact via vectors related to error\n path.(CVE-2017-12133)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n check_dst_limits_calc_pos_1 in posix/regexec.c has\n Uncontrolled Recursion, as demonstrated by\n '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.(CVE-2018-20796)\n\n - ** DISPUTED ** In the GNU C Library (aka glibc or\n libc6) through 2.29, check_dst_limits_calc_pos_1 in\n posix/regexec.c has Uncontrolled Recursion, as\n demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different\n issue than CVE-2018-20796. NOTE: the software\n maintainer disputes that this is a vulnerability\n because the behavior occurs only with a crafted\n pattern.(CVE-2019-9192)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1478\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a378493e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10739\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-12133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h26.eulerosv2r7\",\n \"glibc-common-2.17-222.h26.eulerosv2r7\",\n \"glibc-devel-2.17-222.h26.eulerosv2r7\",\n \"glibc-headers-2.17-222.h26.eulerosv2r7\",\n \"nscd-2.17-222.h26.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T20:57:38", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.Security Fix(es):Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192)In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.(CVE-2018-20796)GNU Libc current is affected by:\n Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.(CVE-2019-1010023)A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.(CVE-2020-1752)The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets.\n This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.(CVE-2020-10029)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : glibc (EulerOS-SA-2020-1667)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2016-3706", "CVE-2018-20796", "CVE-2019-1010023", "CVE-2019-9192", "CVE-2020-10029", "CVE-2020-1752"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1667.NASL", "href": "https://www.tenable.com/plugins/nessus/137509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137509);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-3706\",\n \"CVE-2018-20796\",\n \"CVE-2019-1010023\",\n \"CVE-2019-9192\",\n \"CVE-2020-10029\",\n \"CVE-2020-1752\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : glibc (EulerOS-SA-2020-1667)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The glibc package contains standard libraries which are\n used by multiple programs on the system. In order to\n save disk space and memory, as well as to make\n upgrading easier, common system code is kept in one\n place and shared between programs. This particular\n package contains the most important sets of shared\n libraries: the standard C library and the standard math\n library. Without these two libraries, a Linux system\n will not function.Security Fix(es):Stack-based buffer\n overflow in the getaddrinfo function in\n sysdeps/posix/getaddrinfo.c in the GNU C Library (aka\n glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458.(CVE-2016-3706)In\n the GNU C Library (aka glibc or libc6) through 2.29,\n check_dst_limits_calc_pos_1 in posix/regexec.c has\n Uncontrolled Recursion, as demonstrated by\n '(|)(\\\\1\\\\1)*' in grep, a different issue than\n CVE-2018-20796. NOTE: the software maintainer disputes\n that this is a vulnerability because the behavior\n occurs only with a crafted pattern.(CVE-2019-9192)In\n the GNU C Library (aka glibc or libc6) through 2.29,\n check_dst_limits_calc_pos_1 in posix/regexec.c has\n Uncontrolled Recursion, as demonstrated by\n '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in\n grep.(CVE-2018-20796)GNU Libc current is affected by:\n Re-mapping current loaded library with malicious ELF\n file. The impact is: In worst case attacker may\n evaluate privileges. The component is: libld. The\n attack vector is: Attacker sends 2 ELF files to victim\n and asks to run ldd on it. ldd execute\n code.(CVE-2019-1010023)A use-after-free vulnerability\n introduced in glibc upstream version 2.14 was found in\n the way the tilde expansion was carried out. Directory\n paths containing an initial tilde followed by a valid\n username were affected by this issue. A local attacker\n could exploit this flaw by creating a specially crafted\n path that, when processed by the glob function, would\n potentially lead to arbitrary code execution. This was\n fixed in version 2.32.(CVE-2020-1752)The GNU C Library\n (aka glibc or libc6) before 2.32 could overflow an\n on-stack buffer during range reduction if an input to\n an 80-bit long double function contains a non-canonical\n bit pattern, a seen when passing a\n 0x5d414141414141410000 value to sinl on x86 targets.\n This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.(CVE-2020-10029)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1667\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a48d1a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-111.h49\",\n \"glibc-common-2.17-111.h49\",\n \"glibc-devel-2.17-111.h49\",\n \"glibc-headers-2.17-111.h49\",\n \"glibc-static-2.17-111.h49\",\n \"glibc-utils-2.17-111.h49\",\n \"nscd-2.17-111.h49\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:59:25", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities:\n\n - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (CVE-2017-15670)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132)\n\n - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.\n (CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180)\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. (CVE-2014-9402)\n\n - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.\n (CVE-2018-1000001)\n\n - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2014-9402", "CVE-2015-5180", "CVE-2016-3706", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/127183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0024. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127183);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2014-9402\",\n \"CVE-2015-5180\",\n \"CVE-2016-3706\",\n \"CVE-2017-12132\",\n \"CVE-2017-15670\",\n \"CVE-2017-15804\",\n \"CVE-2018-1000001\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by\nmultiple vulnerabilities:\n\n - The GNU C Library (aka glibc or libc6) before 2.27\n contains an off-by-one error leading to a heap-based\n buffer overflow in the glob function in glob.c, related\n to the processing of home directories using the ~\n operator followed by a long string. (CVE-2017-15670)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or\n libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation. (CVE-2017-12132)\n\n - The glob function in glob.c in the GNU C Library (aka\n glibc or libc6) before 2.27 contains a buffer overflow\n during unescaping of user names with the ~ operator.\n (CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and process crash). (CVE-2015-5180)\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend in\n the Name Service Switch configuration is enabled, allows\n remote attackers to cause a denial of service (infinite\n loop) by sending a positive answer while a network name\n is being process. (CVE-2014-9402)\n\n - In glibc 2.26 and earlier there is confusion in the\n usage of getcwd() by realpath() which can be used to\n write before the destination buffer leading to a buffer\n underflow and potential code execution.\n (CVE-2018-1000001)\n\n - Stack-based buffer overflow in the getaddrinfo function\n in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka\n glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458. (CVE-2016-3706)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15804\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc realpath() Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-common-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-debuginfo-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-debuginfo-common-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-devel-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-headers-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-i18n-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-iconv-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-lang-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-locale-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-static-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-tools-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"glibc-utils-2.17-222.el7.cgslv5lite.0.6.g0d82438\",\n \"nscd-2.17-222.el7.cgslv5lite.0.6.g0d82438\"\n ],\n \"CGSL MAIN 5.04\": [\n \"glibc-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-common-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-debuginfo-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-debuginfo-common-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-devel-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-headers-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-static-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"glibc-utils-2.17-222.el7.cgslv5.0.1.gd23aea5\",\n \"nscd-2.17-222.el7.cgslv5.0.1.gd23aea5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T18:02:55", "description": "According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is:\n In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it.\n ldd execute code. NOTE: Upstream comments indicate 'this is being treated as a non-security bug and no real threat.'(CVE-2019-1010023)\n\n - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.(CVE-2019-25013)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.(CVE-2021-3326)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.(CVE-2020-27618)\n\n - The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.(CVE-2016-6323)\n\n - Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4458", "CVE-2016-10228", "CVE-2016-3706", "CVE-2016-6323", "CVE-2017-12133", "CVE-2019-1010023", "CVE-2019-25013", "CVE-2020-27618", "CVE-2021-3326"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:glibc-static", "p-cpe:/a:huawei:euleros:glibc-utils", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1790.NASL", "href": "https://www.tenable.com/plugins/nessus/149140", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149140);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2016-3706\",\n \"CVE-2016-6323\",\n \"CVE-2017-12133\",\n \"CVE-2019-1010023\",\n \"CVE-2019-25013\",\n \"CVE-2020-27618\",\n \"CVE-2021-3326\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - GNU Libc current is affected by: Re-mapping current\n loaded library with malicious ELF file. The impact is:\n In worst case attacker may evaluate privileges. The\n component is: libld. The attack vector is: Attacker\n sends 2 ELF files to victim and asks to run ldd on it.\n ldd execute code. NOTE: Upstream comments indicate\n 'this is being treated as a non-security bug and no\n real threat.'(CVE-2019-1010023)\n\n - Stack-based buffer overflow in the getaddrinfo function\n in sysdeps/posix/getaddrinfo.c in the GNU C Library\n (aka glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - The iconv feature in the GNU C Library (aka glibc or\n libc6) through 2.32, when processing invalid multi-byte\n input sequences in the EUC-KR encoding, may have a\n buffer over-read.(CVE-2019-25013)\n\n - The iconv function in the GNU C Library (aka glibc or\n libc6) 2.32 and earlier, when processing invalid input\n sequences in the ISO-2022-JP-3 encoding, fails an\n assertion in the code path and aborts the program,\n potentially resulting in a denial of\n service.(CVE-2021-3326)\n\n - The iconv function in the GNU C Library (aka glibc or\n libc6) 2.32 and earlier, when processing invalid\n multi-byte input sequences in IBM1364, IBM1371,\n IBM1388, IBM1390, and IBM1399 encodings, fails to\n advance the input state, which could lead to an\n infinite loop in applications, resulting in a denial of\n service, a different vulnerability from\n CVE-2016-10228.(CVE-2020-27618)\n\n - The makecontext function in the GNU C Library (aka\n glibc or libc6) before 2.25 creates execution contexts\n incompatible with the unwinder on ARM EABI (32-bit)\n platforms, which might allow context-dependent\n attackers to cause a denial of service (hang), as\n demonstrated by applications compiled using gccgo,\n related to backtrace generation.(CVE-2016-6323)\n\n - Use-after-free vulnerability in the clntudp_call\n function in sunrpc/clnt_udp.c in the GNU C Library (aka\n glibc or libc6) before 2.26 allows remote attackers to\n have unspecified impact via vectors related to error\n path.(CVE-2017-12133)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1790\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e4aca35\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1010023\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-196.h45\",\n \"glibc-common-2.17-196.h45\",\n \"glibc-devel-2.17-196.h45\",\n \"glibc-headers-2.17-196.h45\",\n \"glibc-static-2.17-196.h45\",\n \"glibc-utils-2.17-196.h45\",\n \"nscd-2.17-196.h45\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:51", "description": "Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. (CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments.\nAn attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2207", "CVE-2014-8121", "CVE-2014-9761", "CVE-2015-1781", "CVE-2015-5277", "CVE-2015-8776", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-2856", "CVE-2016-3075"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2985-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2985-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91334);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2013-2207\", \"CVE-2014-8121\", \"CVE-2014-9761\", \"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2015-8777\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-2856\", \"CVE-2016-3075\");\n script_xref(name:\"USN\", value:\"2985-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin Carpenter discovered that pt_chown in the GNU C Library did not\nproperly check permissions for tty files. A local attacker could use\nthis to gain administrative privileges or expose sensitive\ninformation. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS)\nimplementation in the GNU C Library did not properly manage its file\ndescriptors. An attacker could use this to cause a denial of service\n(infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle\nlong arguments to functions returning a representation of Not a Number\n(NaN). An attacker could use this to cause a denial of service (stack\nexhaustion leading to an application crash) or possibly execute\narbitrary code. (CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code\nin the GNU C Library did not properly account buffer sizes when passed\nan unaligned buffer. An attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch\n(NSS) implementation in the GNU C Library did not handle long lines in\nthe files databases correctly. A local attacker could use this to\ncause a denial of service (application crash) or possibly execute\narbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C\nLibrary did not properly handle out-of-range argument data. An\nattacker could use this to cause a denial of service (application\ncrash) or possibly expose sensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library\nallowed the pointer-guarding protection mechanism to be disabled by\nhonoring the LD_POINTER_GUARD environment variable across privilege\nboundaries. A local attacker could use this to exploit an existing\nvulnerability more easily. (CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C\nLibrary did not properly check its size argument, leading to an\ninteger overflow. An attacker could use to cause a denial of service\n(application crash) or possibly execute arbitrary code.\n(CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in\nthe catopen function in the GNU C Library when handling long catalog\nnames. An attacker could use this to cause a denial of service\n(application crash) or possibly execute arbitrary code.\n(CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the\nGNU C Library did not properly handle long names passed as arguments.\nAn attacker could use to cause a denial of service (stack exhaustion\nleading to an application crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2985-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libc6 and / or libc6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6-dev\", pkgver:\"2.15-0ubuntu10.14\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6-dev\", pkgver:\"2.19-0ubuntu6.8\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc6\", pkgver:\"2.21-0ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc6-dev\", pkgver:\"2.21-0ubuntu4.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc6 / libc6-dev\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:38", "description": "USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade.\nThis update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.\n\nWe apologize for the inconvenience.\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code.\n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily.\n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-27T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2207", "CVE-2014-8121", "CVE-2014-9761", "CVE-2015-1781", "CVE-2015-5277", "CVE-2015-8776", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-2856", "CVE-2016-3075"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2985-2.NASL", "href": "https://www.tenable.com/plugins/nessus/91341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2985-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91341);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2013-2207\", \"CVE-2014-8121\", \"CVE-2014-9761\", \"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2015-8777\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-2856\", \"CVE-2016-3075\");\n script_xref(name:\"USN\", value:\"2985-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for\nCVE-2014-9761 introduced a regression which affected applications that\nuse the libm library but were not fully restarted after the upgrade.\nThis update removes the fix for CVE-2014-9761 and a future update will\nbe provided to address this issue.\n\nWe apologize for the inconvenience.\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not\nproperly check permissions for tty files. A local attacker could use\nthis to gain administrative privileges or expose sensitive\ninformation. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS)\nimplementation in the GNU C Library did not properly manage\nits file descriptors. An attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not\nproperly handle long arguments to functions returning a\nrepresentation of Not a Number (NaN). An attacker could use\nthis to cause a denial of service (stack exhaustion leading\nto an application crash) or possibly execute arbitrary code.\n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the\nnss_dns code in the GNU C Library did not properly account\nbuffer sizes when passed an unaligned buffer. An attacker\ncould use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name\nService Switch (NSS) implementation in the GNU C Library did\nnot handle long lines in the files databases correctly. A\nlocal attacker could use this to cause a denial of service\n(application crash) or possibly execute arbitrary code.\n(CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the\nGNU C Library did not properly handle out-of-range argument\ndata. An attacker could use this to cause a denial of\nservice (application crash) or possibly expose sensitive\ninformation. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C\nLibrary allowed the pointer-guarding protection mechanism to\nbe disabled by honoring the LD_POINTER_GUARD environment\nvariable across privilege boundaries. A local attacker could\nuse this to exploit an existing vulnerability more easily.\n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the\nGNU C Library did not properly check its size argument,\nleading to an integer overflow. An attacker could use to\ncause a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer\noverflow in the catopen function in the GNU C Library when\nhandling long catalog names. An attacker could use this to\ncause a denial of service (application crash) or possibly\nexecute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname\nimplementation in the GNU C Library did not properly handle\nlong names passed as arguments. An attacker could use to\ncause a denial of service (stack exhaustion leading to an\napplication crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2985-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libc-bin, libc6 and / or libc6-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc-bin\", pkgver:\"2.15-0ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6\", pkgver:\"2.15-0ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libc6-dev\", pkgver:\"2.15-0ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc-bin\", pkgver:\"2.19-0ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6\", pkgver:\"2.19-0ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libc6-dev\", pkgver:\"2.19-0ubuntu6.9\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc-bin\", pkgver:\"2.21-0ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc6\", pkgver:\"2.21-0ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libc6-dev\", pkgver:\"2.21-0ubuntu4.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libc-bin / libc6 / libc6-dev\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:51", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\n - A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4412", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4788", "CVE-2013-7423", "CVE-2014-0475", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-5277", "CVE-2015-8776", "CVE-2016-3075", "CVE-2017-15670", "CVE-2019-9169"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/125005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125005);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2012-4412\",\n \"CVE-2013-1914\",\n \"CVE-2013-4237\",\n \"CVE-2013-4788\",\n \"CVE-2013-7423\",\n \"CVE-2014-0475\",\n \"CVE-2014-6040\",\n \"CVE-2014-9402\",\n \"CVE-2014-9761\",\n \"CVE-2015-1472\",\n \"CVE-2015-1781\",\n \"CVE-2015-5277\",\n \"CVE-2015-8776\",\n \"CVE-2016-3075\",\n \"CVE-2017-15670\",\n \"CVE-2019-9169\"\n );\n script_bugtraq_id(\n 55462,\n 58839,\n 61183,\n 61729,\n 68505,\n 69472,\n 71670,\n 72428,\n 72498,\n 72844,\n 74255\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was discovered that the nss_files backend for the\n Name Service Switch in glibc would return incorrect\n data to applications or corrupt the heap (depending on\n adjacent heap contents). A local attacker could\n potentially use this flaw to execute arbitrary code on\n the system.(CVE-2015-5277)\n\n - A directory traveral flaw was found in the way glibc\n loaded locale files. An attacker able to make an\n application use a specially crafted locale name value\n (for example, specified in an LC_* environment\n variable) could possibly use this flaw to execute\n arbitrary code with the privileges of that\n application.(CVE-2014-0475)\n\n - It was found that out-of-range time values passed to\n the strftime() function could result in an\n out-of-bounds memory access. This could lead to\n application crash or, potentially, information\n disclosure.(CVE-2015-8776)\n\n - The GNU C Library (aka glibc or libc6) before 2.27\n contains an off-by-one error leading to a heap-based\n buffer overflow in the glob function in glob.c, related\n to the processing of home directories using the ~\n operator followed by a long string.(CVE-2017-15670)\n\n - The PTR_MANGLE implementation in the GNU C Library (aka\n glibc or libc6) 2.4, 2.17, and earlier, and Embedded\n GLIBC (EGLIBC) does not initialize the random value for\n the pointer guard, which makes it easier for\n context-dependent attackers to control execution flow\n by leveraging a buffer-overflow vulnerability in an\n application and using the known zero value pointer\n guard to calculate a pointer address.(CVE-2013-4788)\n\n - An out-of-bounds read flaw was found in the way glibc's\n iconv() function converted certain encoded data to\n UTF-8. An attacker able to make an application call the\n iconv() function with a specially crafted argument\n could use this flaw to crash that\n application.(CVE-2014-6040)\n\n - A stack overflow vulnerability was found in\n _nss_dns_getnetbyname_r. On systems with nsswitch\n configured to include ''networks: dns'' with a\n privileged or network-facing service that would attempt\n to resolve user-provided network names, an attacker\n could provide an excessively long network name,\n resulting in stack corruption and code\n execution.(CVE-2016-3075)\n\n - Integer overflow in string/strcoll_l.c in the GNU C\n Library (aka glibc or libc6) 2.17 and earlier allows\n context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string, which triggers a heap-based buffer\n overflow.(CVE-2012-4412)\n\n - A heap-based buffer overflow flaw was found in glibc's\n swscanf() function. An attacker able to make an\n application call the swscanf() function could use this\n flaw to crash that application or, potentially, execute\n arbitrary code with the permissions of the user running\n the application.(CVE-2015-1472)\n\n - It was found that getaddrinfo() did not limit the\n amount of stack memory used during name resolution. An\n attacker able to make an application resolve an\n attacker-controlled hostname or IP address could\n possibly cause the application to exhaust all stack\n memory and crash.(CVE-2013-1914)\n\n - A stack overflow vulnerability was found in nan*\n functions that could cause applications, which process\n long strings with the nan function, to crash or,\n potentially, execute arbitrary code.(CVE-2014-9761)\n\n - An out-of-bounds write flaw was found in the way the\n glibc's readdir_r() function handled file system\n entries longer than the NAME_MAX character constant. A\n remote attacker could provide a specially crafted NTFS\n or CIFS file system that, when processed by an\n application using readdir_r(), would cause that\n application to crash or, potentially, allow the\n attacker to execute arbitrary code with the privileges\n of the user running the application.(CVE-2013-4237)\n\n - It was discovered that, under certain circumstances,\n glibc's getaddrinfo() function would send DNS queries\n to random file descriptors. An attacker could\n potentially use this flaw to send DNS queries to\n unintended recipients, resulting in information\n disclosure or data loss due to the application\n encountering corrupted data.(CVE-2013-7423)\n\n - A buffer overflow flaw was found in the way glibc's\n gethostbyname_r() and other related functions computed\n the size of a buffer when passed a misaligned buffer as\n input. An attacker able to make an application call any\n of these functions with a misaligned buffer could use\n this flaw to crash the application or, potentially,\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-1781)\n\n - The nss_dns implementation of getnetbyname in GNU C\n Library (aka glibc) before 2.21, when the DNS backend\n in the Name Service Switch configuration is enabled,\n allows remote attackers to cause a denial of service\n (infinite loop) by sending a positive answer while a\n network name is being process.(CVE-2014-9402)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29,\n proceed_next_node in posix/regexec.c has a heap-based\n buffer over-read via an attempted case-insensitive\n regular-expression match.(CVE-2019-9169)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad6abb72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h11\",\n \"glibc-common-2.17-222.h11\",\n \"glibc-devel-2.17-222.h11\",\n \"glibc-headers-2.17-222.h11\",\n \"nscd-2.17-222.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-11T00:25:00", "description": "According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\n - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778)\n\n - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547)\n\n - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242)\n\n - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)\n\n - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\n - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121)\n\n - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001)\n\n - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.(CVE-2012-4424)\n\n - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application.(CVE-2015-8777)\n\n - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.(CVE-2013-2207)\n\n - A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application.(CVE-2015-1473)\n\n - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.(CVE-2013-4458)\n\n - A heap-based buffer overflow was found in glibc's\n __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.(CVE-2015-0235)\n\n - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.(CVE-2013-4332)\n\n - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485)\n\n - A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code.(CVE-2015-8779)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-4424", "CVE-2013-0242", "CVE-2013-2207", "CVE-2013-4332", "CVE-2013-4458", "CVE-2014-8121", "CVE-2015-0235", "CVE-2015-1473", "CVE-2015-5180", "CVE-2015-7547", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-3706", "CVE-2017-1000366", "CVE-2017-12132", "CVE-2017-15804", "CVE-2018-1000001", "CVE-2018-11236", "CVE-2018-6485"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:glibc", "p-cpe:/a:huawei:euleros:glibc-common", "p-cpe:/a:huawei:euleros:glibc-devel", "p-cpe:/a:huawei:euleros:glibc-headers", "p-cpe:/a:huawei:euleros:nscd", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1551.NASL", "href": "https://www.tenable.com/plugins/nessus/125004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125004);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2012-4424\",\n \"CVE-2013-0242\",\n \"CVE-2013-2207\",\n \"CVE-2013-4332\",\n \"CVE-2013-4458\",\n \"CVE-2014-8121\",\n \"CVE-2015-0235\",\n \"CVE-2015-1473\",\n \"CVE-2015-5180\",\n \"CVE-2015-7547\",\n \"CVE-2015-8777\",\n \"CVE-2015-8778\",\n \"CVE-2015-8779\",\n \"CVE-2016-3706\",\n \"CVE-2017-1000366\",\n \"CVE-2017-12132\",\n \"CVE-2017-15804\",\n \"CVE-2018-1000001\",\n \"CVE-2018-11236\",\n \"CVE-2018-6485\"\n );\n script_bugtraq_id(\n 55543,\n 57638,\n 61960,\n 62324,\n 63299,\n 72325,\n 72499,\n 73038\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the glibc packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - stdlib/canonicalize.c in the GNU C Library (aka glibc\n or libc6) 2.27 and earlier, when processing very long\n pathname arguments to the realpath function, could\n encounter an integer overflow on 32-bit architectures,\n leading to a stack-based buffer overflow and,\n potentially, arbitrary code execution.(CVE-2018-11236)\n\n - An integer overflow vulnerability was found in\n hcreate() and hcreate_r() functions which could result\n in an out-of-bounds memory access. This could lead to\n application crash or, potentially, arbitrary code\n execution.(CVE-2015-8778)\n\n - A stack-based buffer overflow was found in the way the\n libresolv library performed dual A/AAAA DNS queries. A\n remote attacker could create a specially crafted DNS\n response which could cause libresolv to crash or,\n potentially, execute code with the permissions of the\n user running the library. Note: this issue is only\n exposed when libresolv is called from the nss_dns NSS\n service module.(CVE-2015-7547)\n\n - A flaw was found in the regular expression matching\n routines that process multibyte character input. If an\n application utilized the glibc regular expression\n matching mechanism, an attacker could provide\n specially-crafted input that, when processed, would\n cause the application to crash.(CVE-2013-0242)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is glibc-side mitigation which blocks\n processing of LD_LIBRARY_PATH for programs running in\n secure-execution mode and reduces the number of\n allocations performed by the processing of LD_AUDIT,\n LD_PRELOAD, and LD_HWCAP_MASK, making successful\n exploitation of this issue more\n difficult.(CVE-2017-1000366)\n\n - The DNS stub resolver in the GNU C Library (aka glibc\n or libc6) before version 2.26, when EDNS support is\n enabled, will solicit large UDP responses from name\n servers, potentially simplifying off-path DNS spoofing\n attacks due to IP fragmentation.(CVE-2017-12132)\n\n - It was found that the files back end of Name Service\n Switch (NSS) did not isolate iteration over an entire\n database from key-based look-up API calls. An\n application performing look-ups on a database while\n iterating over it could enter an infinite loop, leading\n to a denial of service.(CVE-2014-8121)\n\n - Stack-based buffer overflow in the getaddrinfo function\n in sysdeps/posix/getaddrinfo.c in the GNU C Library\n (aka glibc or libc6) allows remote attackers to cause a\n denial of service (crash) via vectors involving hostent\n conversion. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n - In glibc 2.26 and earlier there is confusion in the\n usage of getcwd() by realpath() which can be used to\n write before the destination buffer leading to a buffer\n underflow and potential code\n execution.(CVE-2018-1000001)\n\n - Stack-based buffer overflow in string/strcoll_l.c in\n the GNU C Library (aka glibc or libc6) 2.17 and earlier\n allows context-dependent attackers to cause a denial of\n service (crash) or possibly execute arbitrary code via\n a long string that triggers a malloc failure and use of\n the alloca function.(CVE-2012-4424)\n\n - It was found that the dynamic loader did not sanitize\n the LD_POINTER_GUARD environment variable. An attacker\n could use this flaw to bypass the pointer guarding\n protection on set-user-ID or set-group-ID programs to\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-8777)\n\n - The glob function in glob.c in the GNU C Library (aka\n glibc or libc6) before 2.27 contains a buffer overflow\n during unescaping of user names with the ~\n operator.(CVE-2017-15804)\n\n - res_query in libresolv in glibc before 2.25 allows\n remote attackers to cause a denial of service (NULL\n pointer dereference and process crash).(CVE-2015-5180)\n\n - pt_chown in GNU C Library (aka glibc or libc6) before\n 2.18 does not properly check permissions for tty files,\n which allows local users to change the permission on\n the files and obtain access to arbitrary\n pseudo-terminals by leveraging a FUSE file\n system.(CVE-2013-2207)\n\n - A stack overflow flaw was found in glibc's swscanf()\n function. An attacker able to make an application call\n the swscanf() function could use this flaw to crash\n that application or, potentially, execute arbitrary\n code with the permissions of the user running the\n application.(CVE-2015-1473)\n\n - It was found that getaddrinfo() did not limit the\n amount of stack memory used during name resolution. An\n attacker able to make an application resolve an\n attacker-controlled hostname or IP address could\n possibly cause the application to exhaust all stack\n memory and crash.(CVE-2013-4458)\n\n - A heap-based buffer overflow was found in glibc's\n __nss_hostname_digits_dots() function, which is used by\n the gethostbyname() and gethostbyname2() glibc function\n calls. A remote attacker able to make an application\n call either of these functions could use this flaw to\n execute arbitrary code with the permissions of the user\n running the application.(CVE-2015-0235)\n\n - Multiple integer overflow flaws, leading to heap-based\n buffer overflows, were found in glibc's memory\n allocator functions (pvalloc, valloc, and memalign). If\n an application used such a function, it could cause the\n application to crash or, potentially, execute arbitrary\n code with the privileges of the user running the\n application.(CVE-2013-4332)\n\n - An integer overflow in the implementation of the\n posix_memalign in memalign functions in the GNU C\n Library (aka glibc or libc6) 2.26 and earlier could\n cause these functions to return a pointer to a heap\n area that is too small, potentially leading to heap\n corruption.(CVE-2018-6485)\n\n - A stack based buffer overflow vulnerability was found\n in the catopen() function. An excessively long string\n passed to the function could cause it to crash or,\n potentially, execute arbitrary code.(CVE-2015-8779)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1551\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97fa15c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected glibc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'glibc realpath() Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"glibc-2.17-222.h11\",\n \"glibc-common-2.17-222.h11\",\n \"glibc-devel-2.17-222.h11\",\n \"glibc-headers-2.17-222.h11\",\n \"nscd-2.17-222.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2022-05-12T18:10:05", "description": "Updates of ['glibc'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0037", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2017-04-24T00:00:00", "id": "PHSA-2017-0037", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T11:54:07", "description": "An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-24T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2017-0013", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197", "CVE-2016-1234", "CVE-2016-1546", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-6313", "CVE-2016-6318"], "modified": "2017-04-24T00:00:00", "id": "PHSA-2017-0013", "href": "https://github.com/vmware/photon/wiki/Security-Updates-37", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-03-23T18:31:18", "description": "Package : eglibc\nVersion : 2.13-38+deb7u11\nCVE ID : CVE-2016-1234 CVE-2016-3075 CVE-2016-3706\n\n\nSeveral vulnerabilities have been fixed in the Debian GNU C Library,\neglibc:\n\nCVE-2016-1234\n\n Alexander Cherepanov discovered that the glibc's glob implementation\n suffered from a stack-based buffer overflow when it was called with the\n GLOB_ALTDIRFUNC flag and encountered a long file name.\n\nCVE-2016-3075\n\n The getnetbyname implementation in nss_dns was susceptible to a stack\n overflow and a crash if it was invoked on a very long name.\n\nCVE-2016-3706\n\n Michael Petlan reported that getaddrinfo copied large amounts of address\n data to the stack, possibly leading to a stack overflow. This complements\n the fix for CVE-2013-4458.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.13-38+deb7u11.\n\nWe recommend you to upgrade your eglibc packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system, and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-30T04:24:49", "type": "debian", "title": "[SECURITY] [DLA 494-1] eglibc security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4458", "CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"], "modified": "2016-05-30T04:24:49", "id": "DEBIAN:DLA-494-1:C3160", "href": "https://lists.debian.org/debian-lts-announce/2016/05/msg00047.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2016-b321728d74", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075", "CVE-2016-1234", "CVE-2016-3706", "CVE-2013-4458"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2016-b321728d74\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808401\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:48:12 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-3075\", \"CVE-2016-3706\", \"CVE-2016-1234\", \"CVE-2013-4458\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2016-b321728d74\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b321728d74\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SE4LNECG4IQEGUOTG4SWBWTLFJWP7U4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.23.1~7.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:39:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2016-1073)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3075"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161073", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1073\");\n script_version(\"2020-01-23T10:42:11+0000\");\n script_cve_id(\"CVE-2016-3075\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:42:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2016-1073)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1073\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1073\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2016-1073 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A stack overflow vulnerability was found in _nss_dns_getnetbyname_r.On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2016-68", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2016-3075", "CVE-2016-1234", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-9761"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2016-68\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808027\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:22:37 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-3075\", \"CVE-2016-1234\", \"CVE-2015-8778\", \"CVE-2015-8776\", \"CVE-2014-9761\", \"CVE-2015-8779\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2016-68\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-68\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.22~15.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for glibc FEDORA-2016-b0e67c88b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3706", "CVE-2013-4458"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glibc FEDORA-2016-b0e67c88b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808359\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:28:59 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-3706\", \"CVE-2013-4458\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for glibc FEDORA-2016-b0e67c88b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"glibc on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b0e67c88b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WENVYEYN5OSQXJQV7L4TQOKH3BODV6PB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.22~16.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-24T19:30:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for eglibc USN-3239-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8982", "CVE-2015-8983", "CVE-2016-5417", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2015-8984", "CVE-2016-6323"], "modified": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310843108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for eglibc USN-3239-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843108\");\n script_version(\"2020-06-23T09:25:46+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-23 09:25:46 +0000 (Tue, 23 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-25 05:50:32 +0100 (Sat, 25 Mar 2017)\");\n script_cve_id(\"CVE-2016-3706\", \"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\",\n \"CVE-2016-1234\", \"CVE-2016-4429\", \"CVE-2016-5417\", \"CVE-2016-6323\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for eglibc USN-3239-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'eglibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3239-1 fixed vulnerabilities in the GNU\n C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that\n in some circumstances prevented IPv6 addresses from resolving. This update\n reverts the change in Ubuntu 12.04 LTS. We apologize for the error. Original\n advisory details: It was discovered that the GNU C Library incorrectly handled\n the strxfrm() function. An attacker could use this issue to cause a denial of\n service or possibly execute arbitrary code. This issue only affected Ubuntu\n 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an\n integer overflow existed in the _IO_wstr_overflow() function of the GNU C\n Library. An attacker could use this to cause a denial of service or possibly\n execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the\n GNU C Library did not properly handle certain malformed patterns. An attacker\n could use this to cause a denial of service. This issue only affected Ubuntu\n 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered\n a stack-based buffer overflow in the glob implementation of the GNU C Library.\n An attacker could use this to specially craft a directory layout and cause a\n denial of service. (CVE-2016-1234) Michael Petlan discovered an unbounded stack\n allocation in the getaddrinfo() function of the GNU C Library. An attacker could\n use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered\n an unbounded stack allocation in the sunrpc implementation in the GNU C Library.\n An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim\n Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library\n did not properly track memory allocations. An attacker could use this to cause a\n denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)\n Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not\n properly set up execution contexts. An attacker could use this to cause a denial\n of service. (CVE-2016-6323)\");\n script_tag(name:\"affected\", value:\"eglibc on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3239-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3239-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.15-0ubuntu10.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.15-0ubuntu10.18\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1234", "CVE-2017-12132"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191844", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1844\");\n script_version(\"2020-01-23T12:24:36+0000\");\n script_cve_id(\"CVE-2016-1234\", \"CVE-2017-12132\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:24:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:24:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1844)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1844\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1844\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1844 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h37\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-24T19:41:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for glibc USN-3239-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8982", "CVE-2015-8983", "CVE-2016-5417", "CVE-2016-1234", "CVE-2015-5180", "CVE-2016-3706", "CVE-2016-4429", "CVE-2015-8984", "CVE-2016-6323"], "modified": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310843104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843104", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for glibc USN-3239-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843104\");\n script_version(\"2020-06-23T09:25:46+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-23 09:25:46 +0000 (Tue, 23 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:49:09 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2015-5180\", \"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\",\n \"CVE-2016-1234\", \"CVE-2016-3706\", \"CVE-2016-4429\", \"CVE-2016-5417\",\n \"CVE-2016-6323\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for glibc USN-3239-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3239-1 fixed vulnerabilities in the GNU\n C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI\n change within the resolver library. This update reverts the change. We apologize\n for the inconvenience. Please note that long-running services that were\n restarted to compensate for the USN-3239-1 update may need to be restarted\n again. Original advisory details: It was discovered that the GNU C Library\n incorrectly handled the strxfrm() function. An attacker could use this issue to\n cause a denial of service or possibly execute arbitrary code. This issue only\n affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was\n discovered that an integer overflow existed in the _IO_wstr_overflow() function\n of the GNU C Library. An attacker could use this to cause a denial of service or\n possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\n Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function\n in the GNU C Library did not properly handle certain malformed patterns. An\n attacker could use this to cause a denial of service. This issue only affected\n Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov\n discovered a stack-based buffer overflow in the glob implementation of the GNU C\n Library. An attacker could use this to specially craft a directory layout and\n cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL\n pointer dereference in the DNS resolver of the GNU C Library. An attacker could\n use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered\n an unbounded stack allocation in the getaddrinfo() function of the GNU C\n Library. An attacker could use this to cause a denial of service.\n (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the\n sunrpc implementation in the GNU C Library. An attacker could use this to cause\n a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the\n getaddrinfo() implementation in the GNU C Library did not properly track memory\n allocations. An attacker could use this to cause a denial of service. This issue\n only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that\n the GNU C Library on ARM 32-bit platforms did not properly set up execution\n contexts. An attacker could use this to cause a denial of service.\n (CVE-2016-6323)\");\n script_tag(name:\"affected\", value:\"glibc on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3239-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3239-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.19-0ubuntu6.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.19-0ubuntu6.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.15-0ubuntu10.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.15-0ubuntu10.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.23-0ubuntu7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.23-0ubuntu7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-24T19:31:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for glibc USN-3239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8982", "CVE-2015-8983", "CVE-2016-5417", "CVE-2016-1234", "CVE-2015-5180", "CVE-2016-3706", "CVE-2016-4429", "CVE-2015-8984", "CVE-2016-6323"], "modified": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310843099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for glibc USN-3239-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843099\");\n script_version(\"2020-06-23T09:25:46+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-23 09:25:46 +0000 (Tue, 23 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-21 05:50:56 +0100 (Tue, 21 Mar 2017)\");\n script_cve_id(\"CVE-2015-8982\", \"CVE-2015-8983\", \"CVE-2015-8984\", \"CVE-2016-1234\",\n \"CVE-2015-5180\", \"CVE-2016-3706\", \"CVE-2016-4429\", \"CVE-2016-5417\",\n \"CVE-2016-6323\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for glibc USN-3239-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the GNU C Library\n incorrectly handled the strxfrm() function. An attacker could use this issue to\n cause a denial of service or possibly execute arbitrary code. This issue only\n affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was\n discovered that an integer overflow existed in the _IO_wstr_overflow() function\n of the GNU C Library. An attacker could use this to cause a denial of service or\n possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\n Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function\n in the GNU C Library did not properly handle certain malformed patterns. An\n attacker could use this to cause a denial of service. This issue only affected\n Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov\n discovered a stack-based buffer overflow in the glob implementation of the GNU C\n Library. An attacker could use this to specially craft a directory layout and\n cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL\n pointer dereference in the DNS resolver of the GNU C Library. An attacker could\n use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered\n an unbounded stack allocation in the getaddrinfo() function of the GNU C\n Library. An attacker could use this to cause a denial of service.\n (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the\n sunrpc implementation in the GNU C Library. An attacker could use this to cause\n a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the\n getaddrinfo() implementation in the GNU C Library did not properly track memory\n allocations. An attacker could use this to cause a denial of service. This issue\n only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that\n the GNU C Library on ARM 32-bit platforms did not properly set up execution\n contexts. An attacker could use this to cause a denial of service.\n (CVE-2016-6323)\");\n script_tag(name:\"affected\", value:\"glibc on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3239-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3239-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.19-0ubuntu6.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.19-0ubuntu6.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.15-0ubuntu10.16\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.15-0ubuntu10.16\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.23-0ubuntu6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.23-0ubuntu6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-2155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10739", "CVE-2016-1234", "CVE-2017-12133"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192155", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2155\");\n script_version(\"2020-01-23T12:36:51+0000\");\n script_cve_id(\"CVE-2016-10739\", \"CVE-2016-1234\", \"CVE-2017-12133\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:36:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:36:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-2155)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2155\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2155\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-2155 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739)\n\nUse-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)\n\nStack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:39:15", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9402", "CVE-2016-3075", "CVE-2018-11236"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181344", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1344\");\n script_version(\"2020-01-23T11:22:33+0000\");\n script_cve_id(\"CVE-2014-9402\", \"CVE-2016-3075\", \"CVE-2018-11236\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1344)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1344\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1344\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2018-1344 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r.On systems with nsswitch configured to include 'networks: dns' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nstdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h12\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for glibc RHSA-2016:2573-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5277", "CVE-2016-3075", "CVE-2015-5229"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for glibc RHSA-2016:2573-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871695\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:02 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2016-3075\", \"CVE-2015-5277\", \"CVE-2015-5229\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for glibc RHSA-2016:2573-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The glibc packages provide the standard C\nlibraries (libc), POSIX thread libraries (libpthread), standard math libraries\n(libm), and the name service cache daemon (nscd) used by multiple programs on\nthe system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n * A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On\nsystems with nsswitch configured to include 'networks: dns' with a\nprivileged or network-facing service that would attempt to resolve\nuser-provided network names, an attacker could provide an excessively long\nnetwork name, resulting in stack corruption and code execution.\n(CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"glibc on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2573-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00009.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo\", rpm:\"glibc-debuginfo~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-debuginfo-common\", rpm:\"glibc-debuginfo-common~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~157.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-17T17:02:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10739", "CVE-2018-20796", "CVE-2019-9192", "CVE-2016-1234", "CVE-2017-12133"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201478", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1478\");\n script_version(\"2020-04-16T05:57:49+0000\");\n script_cve_id(\"CVE-2016-10739\", \"CVE-2016-1234\", \"CVE-2017-12133\", \"CVE-2018-20796\", \"CVE-2019-9192\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:57:49 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:57:49 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1478)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1478\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1478\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2020-1478 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739)\n\nStack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.(CVE-2016-1234)\n\nUse-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227<pipe>)(\\\\1\\\\1<pipe>t1<pipe>\\\\\\2537)+' in grep.(CVE-2018-20796)\n\n** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(<pipe>)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h26.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h26.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h26.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h26.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h26.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-17T15:52:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1667)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20796", "CVE-2019-9192", "CVE-2020-10029", "CVE-2016-3706", "CVE-2013-4458", "CVE-2019-1010023", "CVE-2020-1752"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201667", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1667\");\n script_version(\"2020-06-16T05:48:52+0000\");\n script_cve_id(\"CVE-2016-3706\", \"CVE-2018-20796\", \"CVE-2019-1010023\", \"CVE-2019-9192\", \"CVE-2020-10029\", \"CVE-2020-1752\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:48:52 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:48:52 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1667)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1667\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1667\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2020-1667 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)\n\n** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(<pipe>)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192)\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227<pipe>)(\\\\1\\\\1<pipe>t1<pipe>\\\\\\2537)+' in grep.(CVE-2018-20796)\n\nGNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.(CVE-2019-1010023)\n\nA use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.(CVE-2020-1752)\n\nThe GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.(CVE-2020-10029)\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-static\", rpm:\"glibc-static~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-utils\", rpm:\"glibc-utils~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~111.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for glibc USN-2985-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for glibc USN-2985-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842773\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-26 05:21:59 +0200 (Thu, 26 May 2016)\");\n script_cve_id(\"CVE-2013-2207\", \"CVE-2016-2856\", \"CVE-2014-8121\", \"CVE-2014-9761\",\n\t\t\"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2015-8777\",\n\t\t\"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-3075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for glibc USN-2985-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Martin Carpenter discovered that pt_chown\n in the GNU C Library did not properly check permissions for tty files. A local\n attacker could use this to gain administrative privileges or expose sensitive\n information. (CVE-2013-2207, CVE-2016-2856)\n\n Robin Hack discovered that the Name Service Switch (NSS) implementation in\n the GNU C Library did not properly manage its file descriptors. An attacker\n could use this to cause a denial of service (infinite loop).\n (CVE-2014-8121)\n\n Joseph Myers discovered that the GNU C Library did not properly handle long\n arguments to functions returning a representation of Not a Number (NaN). An\n attacker could use this to cause a denial of service (stack exhaustion\n leading to an application crash) or possibly execute arbitrary code.\n (CVE-2014-9761)\n\n Arjun Shankar discovered that in certain situations the nss_dns code in the\n GNU C Library did not properly account buffer sizes when passed an\n unaligned buffer. An attacker could use this to cause a denial of service\n or possibly execute arbitrary code. (CVE-2015-1781)\n\n Sumit Bose and Luká š Slebodní k discovered that the Name Service\n Switch (NSS) implementation in the GNU C Library did not handle long\n lines in the files databases correctly. A local attacker could use\n this to cause a denial of service (application crash) or possibly\n execute arbitrary code. (CVE-2015-5277)\n\n Adam Nielsen discovered that the strftime function in the GNU C Library did\n not properly handle out-of-range argument data. An attacker could use this\n to cause a denial of service (application crash) or possibly expose\n sensitive information. (CVE-2015-8776)\n\n Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed\n the pointer-guarding protection mechanism to be disabled by honoring the\n LD_POINTER_GUARD environment variable across privilege boundaries. A local\n attacker could use this to exploit an existing vulnerability more easily.\n (CVE-2015-8777)\n\n Szabolcs Nagy discovered that the hcreate functions in the GNU C Library\n did not properly check its size argument, leading to an integer overflow.\n An attacker could use to cause a denial of service (application crash) or\n possibly execute arbitrary code. (CVE-2015-8778)\n\n Maksymilian Arciemowicz discovered a stack-based buffer overflow in the\n catopen function in the GNU C Library when handling long catalog names. An\n attacker could use this to cause a denial of service (application crash) or\n possibly execute arbitrary code. (CVE-2015-8779)\n\n Florian Weimer discovered that the getnetbyname implementation in the GNU C\n Library did not properly handle long names passed as arguments. An attacker\n could use to cause a denial of service (stack exhaustion leading to an\n application crash). (CVE-2016-3075)\");\n script_tag(name:\"affected\", value:\"glibc on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2985-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2985-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.19-0ubuntu6.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.19-0ubuntu6.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.19-0ubuntu6.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.19-0ubuntu6.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.15-0ubuntu10.14\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.15-0ubuntu10.14\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.15-0ubuntu10.14\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.15-0ubuntu10.14\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.21-0ubuntu4.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.21-0ubuntu4.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.21-0ubuntu4.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.21-0ubuntu4.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-27T00:00:00", "type": "openvas", "title": "Ubuntu Update for glibc USN-2985-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842775", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for glibc USN-2985-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842775\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-27 05:20:47 +0200 (Fri, 27 May 2016)\");\n script_cve_id(\"CVE-2014-9761\", \"CVE-2013-2207\", \"CVE-2016-2856\", \"CVE-2014-8121\",\n\t\t\"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2015-8777\",\n\t\t\"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-3075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for glibc USN-2985-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glibc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2985-1 fixed vulnerabilities in the\n GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected\n applications that use the libm library but were not fully restarted after the\n upgrade. This update removes the fix for CVE-2014-9761 and a future update\n will be provided to address this issue.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n Martin Carpenter discovered that pt_chown in the GNU C Library did not\n properly check permissions for tty files. A local attacker could use this\n to gain administrative privileges or expose sensitive information.\n (CVE-2013-2207, CVE-2016-2856)\n\n Robin Hack discovered that the Name Service Switch (NSS) implementation in\n the GNU C Library did not properly manage its file descriptors. An attacker\n could use this to cause a denial of service (infinite loop).\n (CVE-2014-8121)\n\n Joseph Myers discovered that the GNU C Library did not properly handle long\n arguments to functions returning a representation of Not a Number (NaN). An\n attacker could use this to cause a denial of service (stack exhaustion\n leading to an application crash) or possibly execute arbitrary code.\n (CVE-2014-9761)\n\n Arjun Shankar discovered that in certain situations the nss_dns code in the\n GNU C Library did not properly account buffer sizes when passed an\n unaligned buffer. An attacker could use this to cause a denial of service\n or possibly execute arbitrary code. (CVE-2015-1781)\n\n Sumit Bose and Lukas Slebodnik discovered that the Name Service\n Switch (NSS) implementation in the GNU C Library did not handle long\n lines in the files databases correctly. A local attacker could use\n this to cause a denial of service (application crash) or possibly\n execute arbitrary code. (CVE-2015-5277)\n\n Adam Nielsen discovered that the strftime function in the GNU C Library did\n not properly handle out-of-range argument data. An attacker could use this\n to cause a denial of service (application crash) or possibly expose\n sensitive information. (CVE-2015-8776)\n\n Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed\n the pointer-guarding protection mechanism to be disabled by honoring the\n LD_POINTER_GUARD environment variable across privilege boundaries. A local\n attacker could use this to exploit an existing vulnerability more easily.\n (CVE-2015-8777)\n\n Szabolcs Nagy discovered that the hcreate functions in the GNU C Library\n did not properly check its size argument, leading to an integer overflow.\n An attacker could use to cause a denial of service (application crash) or\n possibly execute arbitrary code. (CVE-2015-8778)\n\n Maksymilian Arciemo ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"glibc on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2985-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2985-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.19-0ubuntu6.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.19-0ubuntu6.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.19-0ubuntu6.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.19-0ubuntu6.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.19-0ubuntu6.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.15-0ubuntu10.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.15-0ubuntu10.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.15-0ubuntu10.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.15-0ubuntu10.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.15-0ubuntu10.15\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libc-bin\", ver:\"2.21-0ubuntu4.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:i386\", ver:\"2.21-0ubuntu4.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6:amd64\", ver:\"2.21-0ubuntu4.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:i386\", ver:\"2.21-0ubuntu4.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libc6-dev:amd64\", ver:\"2.21-0ubuntu4.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-6040", "CVE-2014-9402", "CVE-2013-4788", "CVE-2016-3075", "CVE-2017-15670", "CVE-2012-4412", "CVE-2013-1914", "CVE-2019-9169", "CVE-2014-9761", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-4237", "CVE-2013-7423", "CVE-2014-0475"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191552", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1552\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2012-4412\", \"CVE-2013-1914\", \"CVE-2013-4237\", \"CVE-2013-4788\", \"CVE-2013-7423\", \"CVE-2014-0475\", \"CVE-2014-6040\", \"CVE-2014-9402\", \"CVE-2014-9761\", \"CVE-2015-1472\", \"CVE-2015-1781\", \"CVE-2015-5277\", \"CVE-2015-8776\", \"CVE-2016-3075\", \"CVE-2017-15670\", \"CVE-2019-9169\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1552)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1552\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1552 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277)\n\nA directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475)\n\nIt was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776)\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)\n\nThe PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788)\n\nAn out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application.(CVE-2014-6040)\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include ''networks: dns'' with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.(CVE-2016-3075)\n\nInteger overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.(CVE-2012-4412)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that ap ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0235", "CVE-2013-0242", "CVE-2014-8121", "CVE-2012-4424", "CVE-2015-8777", "CVE-2018-6485", "CVE-2015-5180", "CVE-2015-8779", "CVE-2017-15804", "CVE-2013-4332", "CVE-2016-3706", "CVE-2015-8778", "CVE-2013-2207", "CVE-2018-11236", "CVE-2017-1000366", "CVE-2017-12132", "CVE-2013-4458", "CVE-2015-1473", "CVE-2018-1000001", "CVE-2015-7547"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191551", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1551\");\n script_version(\"2020-01-23T12:12:38+0000\");\n script_cve_id(\"CVE-2012-4424\", \"CVE-2013-0242\", \"CVE-2013-2207\", \"CVE-2013-4332\", \"CVE-2013-4458\", \"CVE-2014-8121\", \"CVE-2015-0235\", \"CVE-2015-1473\", \"CVE-2015-5180\", \"CVE-2015-7547\", \"CVE-2015-8777\", \"CVE-2015-8778\", \"CVE-2015-8779\", \"CVE-2016-3706\", \"CVE-2017-1000366\", \"CVE-2017-12132\", \"CVE-2017-15804\", \"CVE-2018-1000001\", \"CVE-2018-11236\", \"CVE-2018-6485\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:12:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1551)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1551\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1551\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'glibc' package(s) announced via the EulerOS-SA-2019-1551 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)\n\nAn integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778)\n\nA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547)\n\nA flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242)\n\nA flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366)\n\nThe DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)\n\nIt was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121)\n\nStack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (ak ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'glibc' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc\", rpm:\"glibc~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-common\", rpm:\"glibc-common~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-devel\", rpm:\"glibc-devel~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"glibc-headers\", rpm:\"glibc-headers~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nscd\", rpm:\"nscd~2.17~222.h11\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content (CVE-2016-1234). A stack overflow vulnerability (unbounded allocation) in _nss_dns_getnetbyname_r function was found (CVE-2016-3075). stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) (CVE-2016-3706). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-23T22:00:58", "type": "mageia", "title": "Updated glibc packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4458", "CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"], "modified": "2016-05-23T22:00:58", "id": "MGASA-2016-0206", "href": "https://advisories.mageia.org/MGASA-2016-0206.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "description": "- CVE-2016-1234 (arbitrary code execution)\n\nIt was found that glob implementation in glibc does not correctly\nhandle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is\nused, causing a large stack-based buffer overflow with controlled length\nand content.\n\n- CVE-2016-3706 (denial of service)\n\nA stack (frame) overflow flaw, which could lead to a denial of service\n(application crash), was found in the way glibc's getaddrinfo()\nfunction processed certain requests when called with AF_INET or\nAF_INET6.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-13T00:00:00", "type": "archlinux", "title": "lib32-glibc: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234", "CVE-2016-3706"], "modified": "2016-05-13T00:00:00", "id": "ASA-201605-20", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:46", "description": "- CVE-2016-1234 (arbitrary code execution)\n\nIt was found that glob implementation in glibc does not correctly\nhandle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is\nused, causing a large stack-based buffer overflow with controlled\nlength and content.\n\n- CVE-2016-3706 (denial of service)\n\nA stack (frame) overflow flaw, which could lead to a denial of service\n(application crash), was found in the way glibc's getaddrinfo()\nfunction processed certain requests when called with AF_INET or\nAF_INET6.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-13T00:00:00", "type": "archlinux", "title": "glibc: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234", "CVE-2016-3706"], "modified": "2016-05-13T00:00:00", "id": "ASA-201605-19", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:38", "description": "- CVE-2016-3075 (denial of service)\n\nThe getnetbyname implementation in nss_dns contains a potentially\nunbounded alloca call (in the form of a call to strdupa), leading to a\nstack overflow (stack exhaustion) and a crash if getnetbyname is\ninvoked on a very long name.\n\n- CVE-2016-5417 (denial of service)\n\nThe sockaddr_in6 allocated in resolv/res_init.c:317 is not freed,\nleaking 28 bytes per thread using the resolver (according to valgrind).\nThe leak is triggered if name resolution functions are called in such a\nway that internal resolver data structures are only initialized\npartially. This issue may ultimately lead to denial of service by\nleaking extensive amounts of memory.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-08T00:00:00", "type": "archlinux", "title": "lib32-glibc: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075", "CVE-2016-5417"], "modified": "2016-08-08T00:00:00", "id": "ASA-201608-7", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:47", "description": "- CVE-2016-3075 (denial of service)\n\nThe getnetbyname implementation in nss_dns contains a potentially\nunbounded alloca call (in the form of a call to strdupa), leading to a\nstack overflow (stack exhaustion) and a crash if getnetbyname is\ninvoked on a very long name.\n\n- CVE-2016-5417 (denial of service)\n\nThe sockaddr_in6 allocated in resolv/res_init.c:317 is not freed,\nleaking 28 bytes per thread using the resolver (according to valgrind).\nThe leak is triggered if name resolution functions are called in such a\nway that internal resolver data structures are only initialized\npartially. This issue may ultimately lead to denial of service by\nleaking extensive amounts of memory.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-08T00:00:00", "type": "archlinux", "title": "glibc: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075", "CVE-2016-5417"], "modified": "2016-08-08T00:00:00", "id": "ASA-201608-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ibm": [{"lastseen": "2022-06-28T21:59:01", "description": "## Summary\n\nMultiple security vulnerabilities have been identified in glibc that is embedded in IBM FSM. This bulletin addresses these issues.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-1234_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234>)** \nDESCRIPTION:** glibc is vulnerable to a denial of service, caused by a stack-based buffer overflow within the glob implementation when GLOB_ALTDIRFUNC is used. A remote attacker could exploit this vulnerability using an overly long name to overflow a buffer and cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-3706_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by a stack-based buffer overflow by the getaddrinfo function within sysdeps/posix/getaddrinfo.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114123_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114123>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-4429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clntudp_call function within sunrpc/clnt_udp.c. By sending specially-crafted ICMP and UDP packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.0 \nFlex System Manager 1.3.3.0 \nFlex System Manager 1.3.2.1 \nFlex System Manager 1.3.2.0\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n\n\nProduct | \n\nVRMF | \n\nAPAR\n\n| \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.0 | \n\nIT13721\n\n| Install [fsmfix1.3.4.0_IT13720_IT13721_IT13722_IT18327_IT18400](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT13720_IT13721_IT13722_IT18327_IT18400&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \nFlex System Manager| \n\n1.3.3.0 | \n\nIT13721\n\n| Install [fsmfix1.3.3.0_IT13720_IT13721_IT13722_IT18327_IT18400](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT13720_IT13721_IT13722_IT18327_IT18400&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \nFlex System Manager| \n\n1.3.2.1 \n1.3.2.0 | \n\nIT13721\n\n| Install [fsmfix1.3.2.0_IT13720_IT13721_IT13722_IT18327_IT18400](<https://www-945.ibm.com/support/fixcentral/systemx/selectFixes?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT13720_IT13721_IT13722_IT18327_IT18400&function=fixId&parent=Flex%20System%20Manager%20NodeFlex%20System%20Manager>) \n \nFor all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product. \n \nFor a complete list of FSM security bulletins refer to this technote: [http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E](<http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n9 February, 2017 : Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"HW94A\",\"label\":\"Flex System Manager Node\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:34:54", "type": "ibm", "title": "Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple glibc vulnerabilities (CVE-2016-1234, CVE-2016-3706, CVE-2016-4429)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429"], "modified": "2018-06-18T01:34:54", "id": "35BCD86D8DB1903754E8FC7D36AFC356E7567826BEAF12494F91D28A6919000C", "href": "https://www.ibm.com/support/pages/node/630547", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:12:26", "description": "## Summary\n\nIBM DataPower Gateways has addressed a vulnerability in the ISAM Access Manager Client component that could cause a denial of service.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3706_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by a stack-based buffer overflow by the getaddrinfo function within sysdeps/posix/getaddrinfo.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114123_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114123>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM DataPower Gateways appliances versions 7.1.0.0-7.1.0.15, 7.2.0.0-7.2.0.12, 7.5.0.0-7.5.0.6, 7.5.1.0-7.5.1.5, 7.5.2.0-7.5.2.4 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM DataPower Gateway| 7.1.0.0-7.1.0.15| [IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) | Apply firmware 7.1.0.16 \nIBM DataPower Gateway| 7.2.0.0-7.2.0.12| [IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) | Apply firmware 7.2.0.13 \nIBM DataPower Gateway| 7.5.0.0-7.5.0.6| [IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) | Apply firmware 7.5.0.7 \nIBM DataPower Gateway| 7.5.1.0 - 7.5.1.5| [IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) | Apply firmware 7.5.1.6 \nIBM DataPower Gateway| 7.5.2.0 - 7.5.2.4| [IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) | Apply firmware 7.5.2.5 \n \n \nRefer to [APAR IT20143](<www.ibm.com/support/docview.wss?uid=swg1IT20143>) for URLs to download the fix. \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n\nFor DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 April 2017 Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"7.5.2;7.5.1;7.5;7.2;7.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-30T07:48:35", "type": "ibm", "title": "Security Bulletin: Access Manager Client in IBM DataPower Gateways is vulnerable to a denial of service attack.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706"], "modified": "2019-08-30T07:48:35", "id": "596EBEB7B353B2A13BA545E1468230D76B368F7857B706B6275AE27779F52B1A", "href": "https://www.ibm.com/support/pages/node/558359", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:58:33", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in glibc. IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3075_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075>)** \nDESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns implementation of the getnetbyname function. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113796_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113796>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed as of 3.1.0.2 update 5 or later.\n\nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed as of PowerKVM 2.1.1.3-65 update 15 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n\nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 Jan 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:34:56", "type": "ibm", "title": "Security Bulletin: A vulnerability in glibc affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2018-06-18T01:34:56", "id": "854AA33671D2BBC8B0C65FBA78CFC1EF40BEBEE4F75A62ECA62C56E270C14035", "href": "https://www.ibm.com/support/pages/node/630561", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:13:15", "description": "## Summary\n\nGlibc vulnerabilities were found in IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-3706_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by a stack-based buffer overflow by the getaddrinfo function within sysdeps/posix/getaddrinfo.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114123_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114123>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-4429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429>)** \nDESCRIPTION:** GNU C Library (glibc or libc6) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clntudp_call function within sunrpc/clnt_udp.c. By sending specially-crafted ICMP and UDP packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Security Network Controller 1.0.X \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n** IBM Security Network Controller**| _1.0.X_| [Proventia NSC update 15 (fw 1.0.4100)](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=All&function=fixId&fixids=20161220_Proventia_Network_Security_Controller_update-15_fw1.0.4100&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n** IBM Security Network Controller**| _1.0.X_| [Proventia NSC update 15 (fw 1.0.4100M)](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Network+Active+Bypass&release=All&platform=All&function=fixId&fixids=20161220_Proventia_Network_Security_Controller_update-15_fw1.0.4100M&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>) \n \nFor IBM Security Network Controller products at firmware versions 1.0.X, IBM recommends upgrading to 1.0.4100M/1.0.4100 depending on current firmware installed. Update 1.0.4100M and 1.0.4100 are the supported firmware release of the product. \n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nOriginal publish date: Dec 26, 2016\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSB2MH\",\"label\":\"IBM Security Network Controller\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"1.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:49:05", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Glibc affect IBM Security Network Controller (CVE-2016-3706, CVE-2016-4429)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706", "CVE-2016-4429"], "modified": "2018-06-16T21:49:05", "id": "09CA380459763EF94B351758E7FF0F92BBB9AFC80865460EEA911B8F50DF4855", "href": "https://www.ibm.com/support/pages/node/288077", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:02:53", "description": "## Summary\n\nCloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-8985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a flaw in the pop_fail_stack function. By using a specially crafted extended regular expression, a remote attacker could cause an assertion failure and application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-8984](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by an out-of-bounds read in the fnmatch function. By using a malformed pattern, a remote attacker could cause the application crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426>) \n** DESCRIPTION: **Python pydoc module could allow a remote attacker from within the local network obtain sensitive information. By starting the pydoc server, an attacker could exploit this vulnerability to extract arbitrary files. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2007-3716](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716>) \n** DESCRIPTION: **Sun JRE (Java Runtime Environment) and JDK (Java Developer's Kit) could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the XML Digital Signature implementation. By sending a specially-crafted XML signature containing a malicious XSLT stylesheet, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the application's permissions. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/35332](<https://exchange.xforce.ibmcloud.com/vulnerabilities/35332>) for the current score. \nCVSS Vector: \n \n** CVEID: **[CVE-2017-18018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018>) \n** DESCRIPTION: **GNU Coreutils could allow a local attacker to bypass security restrictions, caused by not preventing replacement of a plain file with a symlink issue in chown-core.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to modify the ownership of arbitrary files. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-17101](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101>) \n** DESCRIPTION: **LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in cpTags in tools/tiff2bw.c and tools/pal2rgb.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to obtain sensitive information, caused by improper input validation by the CUPS component. By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to obtain restricted memory information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-35448](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-26927](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26927>) \n** DESCRIPTION: **JasPer is vulnerable to a denial of service, caused by a NULL pointer dereference in jp2_decode in jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197351](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197351>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-28153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28153>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2017-13728](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728>) \n** DESCRIPTION: **GNU ncurses is vulnerable to a denial of service, caused by an error in the next_char function in comp_scan.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7613](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124513>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7612](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in the check_sysv_hash function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7611](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7611>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in check_symtab_shndx function in elflint.c . By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124511](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124511>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7610](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7610>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read check_group function in elflint.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124510](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124510>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7609](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7609>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory consumption in elf_compress.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124509>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7608](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7608>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read in ebl_object_note_type_name function in eblobjnotetypename.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7607](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by heap-based buffer over-read handle_gnu_hash function in readelf.c. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10255](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10255>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in __libelf_set_rawdata_wrlock function in elf_getdata.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-10254](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10254>) \n** DESCRIPTION: **Elfutils is vulnerable to a denial of service, caused by memory allocation failure in allocate_elf function in common.h. By persuading a victim to open a crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124086](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124086>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062>) \n** DESCRIPTION: **Libidn2 is vulnerable to a denial of service, caused by an integer overflow in the decode_digit function in puny_decode.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-7245](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a stack-based buffer overflow flaw in the pcre32_copy_substring function in pcre_get.c in libpcre1. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash or other unspecified impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-4984](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4984>) \n** DESCRIPTION: **openldap-servers could allow a local authenticated attacker to obtain sensitive information, caused by a weak permission for /usr/libexec/openldap/generate-server-cert.sh issue. By leveraging a race condition between the creation of the certificate, a local attacker could exploit this vulnerability to obtain the TLS certificate. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129440](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129440>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-9318](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318>) \n** DESCRIPTION: **Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119018](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119018>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-4493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a denial of service, caused by a read access violation in demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty. An attacker could exploit this vulnerability using a specially crafted binary to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-13685](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the dump_callback function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131204](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131204>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483>) \n** DESCRIPTION: **GNU Wget could allow a local authenticated attacker to obtain sensitive information, caused by the storing of the origin URL in the user.xdg.origin.url metadata in the set_file_metadata function in xattr.c. By reading the metadata attribute, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-30720](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to access restricted ports on arbitrary servers. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-8908](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908>) \n** DESCRIPTION: **Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10707](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10707>) \n** DESCRIPTION: **jQuery is vulnerable to a denial of service, caused by removing a logic that lowercased attribute names. By using a mixed-cased name for boolean attributes, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138030](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138030>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18074](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074>) \n** DESCRIPTION: **The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by sending information in an insecure manner. By sniffing the network, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-3721](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721>) \n** DESCRIPTION: **Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the prototype of Object, an attacker could exploit this vulnerability to add or modify existing property that will exist on all objects. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-18874](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18874>) \n** DESCRIPTION: **psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171612](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171612>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14145](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145>) \n** DESCRIPTION: **OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-24025](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24025>) \n** DESCRIPTION: **node-sass could allow a remote attacker to bypass security restrictions, caused by the disablement of certificate validation when requesting binaries even if the user is not specifying an alternative download path. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-24370](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24370>) \n** DESCRIPTION: **Lua is vulnerable to a denial of service, caused by a negation overflow and segmentation fault in getlocal and setlocal. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-28168](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168>) \n** DESCRIPTION: **Node.js axios module is vulnerable to server-side request forgery, caused by improper input validation. By providing a URL that responds with a redirect to a restricted host or IP address, an attacker could exploit this vulnerability to conduct SSRF attack to bypass a proxy. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-30641](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641>) \n** DESCRIPTION: **Apache HTTP Server could provide weaker than expected security, caused by unexpected URL matching behavior with 'MergeSlashes OFF. An attacker could exploit this vulnerability to match URLs from all sites in the same domain and launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31535](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535>) \n** DESCRIPTION: **X.Org libX11 is vulnerable to a denial of service, caused by improper input validation by the length of the string parameters. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause emission of extra X protocol requests to the X server, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202043](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202043>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33503](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503>) \n** DESCRIPTION: **urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203109](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203109>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33928](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33928>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33929](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33929>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_disabled_solvable in src/repo.h. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33930](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33930>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pool_installable_whatprovides in src/repo.h function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33938>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a heap-based buffer overflow in the prune_to_recommended in src/policy.c function. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208663](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208663>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35559](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35561](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35586](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29362](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362>) \n** DESCRIPTION: **p11-glue p11-kit could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read flaw in the RPC protocol. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain up to 4 bytes of memory past the heap allocation, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-6891](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891>) \n** DESCRIPTION: **GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127214](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127214>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4008](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4008>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by improper handling of the ASN1_DECODE_FLAG_STRICT_DER flag in _asn1_extract_der_octet function in lib/decoding.c. By using a malformed certificate, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/113127](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113127>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-8817](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds read flaw in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH). By using a string that ends with an '[' character, an attacker could exploit this vulnerability to redirect the victim to an arbitrary site. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8625](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625>) \n** DESCRIPTION: **cURL/libcurl could provide weaker than expected security, caused by the translation of International Domain Names (IDNA) to puny code for DNS resolving using the IDNA 2003 standard. An attacker could exploit this vulnerability to issue network transfer requests to the wrong host. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8624](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the authority component of the URL when handling '#' character. By using a specially-crafted URL with '#' character, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118642](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118642>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by an out of bounds read error within the curl_getdate function. By using specially-crafted date strings, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process and obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-8616](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protocol which supports connection-scoped credentials, an attacker could exploit this vulnerability to cause a connection to be reused. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-8615](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615>) \n** DESCRIPTION: **cURL/libcurl is vulnerable to cookie injection, caused by an error related to fgets() function. By using a malicious server that sends a very long cookie name and value, a remote attacker could exploit this vulnerability to inject a malicious cookie for arbitrary domains. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924>) \n** DESCRIPTION: **An unspecified error with bad connection reused due to improper path name validation in cURL libcurl has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-0755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755>) \n** DESCRIPTION: **Libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to check NTLM-authenticated proxy connections for reuse. An attacker could exploit this vulnerability to use a proxy connection for a different authenticated client username. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-13050](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050>) \n** DESCRIPTION: **GNU Privacy Guard (GnuPG) is vulnerable to a denial of service, caused by a certificate spamming attack when referring to a host on the SKS keyserver network in the keyserver configuration. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-5276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5276>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could provide weaker than expected security, caused by the failure to properly handle short reads from blocking sources by the std::random_device class in libstdc++. A remote attacker could exploit thsi vulnerability to predict random values. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-19645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an infinite recursion flaw in alter.c. By sending a specially-crafted request using certain types of self-referential views in conjunction with ALTER TABLE statements, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172774](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172774>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19880](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an invalid pointer dereference in exprListAppendList in window.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173387](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173387>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19924>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by the mishandling of certain parser-tree rewriting in the sqlite3WindowRewrite function in expr.c, vdbeaux.c, and window.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173495](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173495>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-8457](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13631](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631>) \n** DESCRIPTION: **SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw in the alter.c and build.c. By sending a specially crafted request, an attacker could exploit this vulnerability to rename the virtual table to the name of one of its shadow tables. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2017-9233](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by a XML External Entity vulnerability in the parser. By using a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129459>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-5300](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization. By using specially-crafted identifiers in an XML document, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114435](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114435>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-4472](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472>) \n** DESCRIPTION: **Expat XML parser is vulnerable to a denial of service, caused by the removal by compilers with certain optimization settings. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114683](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114683>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2695](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established SPNEGO context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107874](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107874>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2696](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service, caused by a pointer type error in the GSS-API library. By sending a specially crafted gss_inquire_context() call on a partially-established IAKERB context, a remote attacker could exploit this vulnerability to cause the process to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906>) \n** DESCRIPTION: **cyrus-sasl is vulnerable to a denial of service, caused by an off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP packet, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1234](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234>) \n** DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a stack-based buffer overflow within the glob implementation when GLOB_ALTDIRFUNC is used. A remote attacker could exploit this vulnerability using an overly long name to overflow a buffer and cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-13956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26154](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26154>) \n** DESCRIPTION: **libproxy is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted PAC file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189418](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189418>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13645>) \n** DESCRIPTION: **GNOME glib-networking is vulnerable to a man-in-the-middle attack, caused by missing hostname verification in the server TLS certificate in the implementation of GTlsClientConnection. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182648>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-16435](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16435>) \n** DESCRIPTION: **Little CMS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the AllocateDataSet function in cmscgats.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149326](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149326>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2008-3105](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an error in XML data processing. An attacker could exploit this vulnerability using the JAX-WS client or a service in a trusted application to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43657>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2021-22931](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931>) \n** DESCRIPTION: **Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207230](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207230>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3672](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672>) \n** DESCRIPTION: **The c-ares library could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause the output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207212>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-3153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153>) \n** DESCRIPTION: **cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102989>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2016-8617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617>) \n** DESCRIPTION: **cURL/libcurl could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out of bounds write in the base64 encode function. By using a specially crafted username, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3859](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev functions. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3860](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860>) \n** DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with empty payloads. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-13558](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13558>) \n** DESCRIPTION: **WebKitGTK and WPE WebKit could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the AudioSourceProviderGStreamer class. By persuading a victim to open specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1788](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1788>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1789](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195893>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1844](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1844>) \n** DESCRIPTION: **Apple Safari, macOS Big Sur, iOS, iPadOS and watchOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1870](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1871](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21779](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebKit componenet. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202343](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202343>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-21806](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806>) \n** DESCRIPTION: **WebKit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in fireEventListeners. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205101](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205101>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663>) \n** DESCRIPTION: **Apple iOS, iPadOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201120](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201120>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30665](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665>) \n** DESCRIPTION: **Apple iOS, iPadOS, watchOS and macOS Big Sur could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201119](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201119>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30734](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202348](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202348>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by multiple memory corruption issues in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202347](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202347>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30758](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an error in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206133>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30799](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799>) \n** DESCRIPTION: **Apple macOS Catalina could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206131>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13565](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565>) \n** DESCRIPTION: **OpenLDAP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an error when using SASL authentication and session encryption. An attacker could exploit this vulnerability to gain privileges on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276>) \n** DESCRIPTION: **GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924>) \n** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520>) \n** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796>) \n** DESCRIPTION: **Vim is vulnerable to a denial of service, caused by a use-after-free in nv_replace. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2019-13115](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762>) \n** DESCRIPTION: **json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182094](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182094>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27828](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828>) \n** DESCRIPTION: **Jasper is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the cp_create() in jpc_enc.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-27918](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the WebKit component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the device. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35492](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492>) \n** DESCRIPTION: **cairo is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by image-compositor.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198420>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3778](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209481](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209481>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-10140](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140>) \n** DESCRIPTION: **Postfix could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in in undocumented function in Berkeley DB. By reading settings from DB_CONFIG in the current directory, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/142457](<https://exchange.xforce.ibmcloud.com/vulnerabilities/142457>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516>) \n** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24977](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-38185](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38185>) \n** DESCRIPTION: **GNU cpio could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow that triggers an out-of-bounds heap write in the ds_fgetstr function in dstring.c. By persuading a victim to open a specially-crafted crafted pattern file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22922](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22922>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by not removing incorrect content by the metalink feature. By persuading a victim to download specially-crafted content, an attacker could exploit this vulnerability to access malicious content to keep in the file on disk for further attack. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206045](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206045>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-21775](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21775>) \n** DESCRIPTION: **WebKit WebKitGTK could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw when certain events are processed for ImageLoader objects. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information and cause further memory corruptions. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2014-0452](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the JAX-WS component has partial confidentiality impact, partial integrity impact, and partial availability impact. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92474](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92474>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2018-12700](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a stack exhaustion in debug_write_type in debug.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/145316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/145316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-13117](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117>) \n** DESCRIPTION: **libxslt could allow a remote attacker to obtain sensitive information, caused by an error in numbers.c that leads to an uninitialized read in xsltNumberFormatInsertNumbers. An attacker could exploit this vulnerability to discern whether a byte on the stack contains the characters A, a, I, I, or 0, or any other character. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-20838](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a buffer over-read in JIT. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13435](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16135](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16135>) \n** DESCRIPTION: **Libssh is vulnerable to a denial of service, caused by a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186148](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186148>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36241](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36241>) \n** DESCRIPTION: **GNOME gnome-autoar could allow a remote attacker to traverse directories on the system, caused by the lack of checks of file in autoar-extractor.c. An attacker could send a specially-crafted file to overwrite arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196330](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196330>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-36332](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36332>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by allocating an excessive amount of memory. By reading a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202249](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202249>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20270](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270>) \n** DESCRIPTION: **Pygments is vulnerable to a denial of service, caused by an infinite loop in SMLLexer. By performing syntax highlighting of an SML source file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22876](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199186](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199186>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22898](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sending a specially-crafted request using a clear-text network protocol, an attacker could exploit this vulnerability to obtain sensitive internal information to the server, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202562>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22946](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a required TLS bypassed issue. By sniffing the network, an attacker could exploit this vulnerability to obtain sensitive data in clear text over the network, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209452>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-23840](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29059](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29059>) \n** DESCRIPTION: **Node.js IS-SVG module is vulnerable to a denial of service, caused by an error when the application is provided and checks a specially crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204157](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204157>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a denial of service, caused by a use-after-free flaw in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37136](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211777](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211777>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37137](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137>) \n** DESCRIPTION: **Netty netty-codec is vulnerable to a denial of service, caused by not restrict the chunk length in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause excessive memory usage, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211779](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211779>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3765>) \n** DESCRIPTION: **validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212669>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113>) \n** DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a NULL pointer dereference in the _nc_parse_entry function of tinfo/parse_entry.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129022>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11112](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112>) \n** DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c issue. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129021>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29361](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361>) \n** DESCRIPTION: **p11-glue p11-kit are vulnerable to a denial of service, caused by multiple integer overflows when allocating memory for arrays of attributes and object identifiers. By sending a specially-crafted request using realloc or calloc function, an attacker could exploit this vulnerability to cause a denial of service or possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-6003](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6003>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by a stack exhaustion in the _asn1_decode_simple_ber function in decoding.c. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138175](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138175>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-10790](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790>) \n** DESCRIPTION: **GNU Libtasn1 is vulnerable to a denial of service, caused by a NULL pointer dereference in the _asn1_check_identifier function. By reading specially crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11164](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the OP_KETRMAX feature in the match function in pcre_exec.c. By using a specially-crafted regular expression, a remote attacker could exploit this vulnerability to cause stack exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-1000254](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254>) \n** DESCRIPTION: **libcurl is vulnerable to a denial of service, caused by a buffer overread in the string parser. By sending a specially-crafted response to a PWD command, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133027](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133027>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8285](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a stack-based buffer overflow in the wildcard matching function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27212](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in slapd within the issuerAndThisUpdateCheck function. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a daemon exit. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196992](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196992>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36221](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an integer underflow in the Certificate Exact Assertion processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36222](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in the saslAuthzTo validation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36223](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36223>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a double free and out-of-bounds read in the Values Return Filter control handling. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195552](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195552>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36224](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36224>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an invalid pointer free in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36225](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36225>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a double free in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195554](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195554>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36226](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a memch->bv_len miscalculation flaw in the saslAuthzTo processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195555](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195555>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an infinite loop in the cancel_extop Cancel operation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195556>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an integer underflow in the Certificate List Exact Assertion processing. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195557](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195557>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36229](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a flaw in the X.509 DN parsing in ad_keystring. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36230](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in the X.509 DN parsing in decode.c ber_next_element. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause slapd to crash, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195559](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195559>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25710](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25710>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in csnNormalize23 function in servers/slapd/schema_init.c. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192487](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192487>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25709](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25709>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by an assertion failure in certificateListValidate function in servers/slapd/schema_init.c. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192486>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-20387](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387>) \n** DESCRIPTION: **libsolv is vulnerable to a denial of service, caused by a heap-based buffer over-read in the repodata_schema2id function in repodata.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175508](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175508>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-9574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a denial of service, caused by an error during the session handshake. A remote attacker could exploit this vulnerability using using SessionTicket extension and ECDHE-ECDSA to cause a denail of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3537](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-16932](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932>) \n** DESCRIPTION: **Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust available memory on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135489>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7595](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175333](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175333>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36222](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222>) \n** DESCRIPTION: **MIT Kerberos (aka krb5) is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the daemon to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206318](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206318>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-11462](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462>) \n** DESCRIPTION: **A double free vulnerability in MIT Kerberos 5 (aka krb5) has an unknown impact and attack vector involving automatic deletion of security contexts on error. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132060](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132060>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-28196](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an unbounded recursion flaw in lib/krb5/asn.1/asn1_encode.c. By sending a specially-crafted ASN.1-encoded Kerberos message, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-15671](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671>) \n** DESCRIPTION: **GNU C Library is vulnerable to a denial of service, caused by a memory leak in the glob function in glob.c. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25219>) \n** DESCRIPTION: **libproxy is vulnerable to a denial of service, caused by an uncontrolled recursion in url::recvline in url.cpp. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause stack exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-9234](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234>) \n** DESCRIPTION: **GnuPG could allow a remote attacker to bypass security restrictions, caused by the failure to enforce a configuration in which key certification requires an offline master Certify key. By sending a specially-crafted request, an attacker could exploit this vulnerability to sign the keys of others with only a signing subkey. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-20231](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client sending key_share extension. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198173](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198173>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-20232](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a use-after-free issue in client_send_params in lib/ext/pre_shared_key.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause memory corruption and other consequences. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198172](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198172>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-22947](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw when connecting to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209453](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209453>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-1752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752>) \n** DESCRIPTION: **GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free. By creating a specially crafted path, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-19603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603>) \n** DESCRIPTION: **An error during handling of CREATE TABLE and CREATE VIEW statements in SQLite has an unknown impact via a specially crafted table name. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172765>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-14155](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155>) \n** DESCRIPTION: **PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-24870](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870>) \n** DESCRIPTION: **LibRaw is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by ::identify_process_dng_fields. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203026](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203026>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10685](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685>) \n** DESCRIPTION: **ncurses (new curses) library could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a format string in the fmt_entry function. By sending specially-crafted format string specifiers in the argument, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128176](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128176>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10684](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684>) \n** DESCRIPTION: **ncurses (new curses) library is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the fmt_entry function. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128175](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128175>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6262](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6262>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by improper validation of input in idna.c. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6261](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6261>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read error in idna_to_ascii_4i function in idna.c. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115585](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115585>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8948](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8948>) \n** DESCRIPTION: **libidn is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read error. A remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/115588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-9586](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586>) \n** DESCRIPTION: **cURL/libcurl is vulnerable to a buffer overflow, caused by improper boundary checks by the floating point conversion. By sending a specially crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119929](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119929>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-8619](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to execute arbitrary code on the system, caused by double-free error in the krb5 code. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-8618](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618>) \n** DESCRIPTION: **cURL/libcurl could allow a remote attacker to execute arbitrary code on the system, caused by double-free error in the curl_maprintf() function on systems using 32 bit size_t variables. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-1951](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951>) \n** DESCRIPTION: **Mozilla Netscape Portable Runtime (NSPR) is vulnerable to a buffer overflow, caused by multiple integer overflows in io/prprf.c. By sending an overly long string to a PR_*printf function, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-7501](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7501>) \n** DESCRIPTION: **rpm could allow a local attacker to launch a symlink attack, caused by the use of a temporary files with predictable names when installing an RPM. A local authenticated attacker could exploit this vulnerability by creating a symbolic link from a temporary file to arbitrary location, which could allow the attacker to modify content, gain elevated privileges on the system or cause a denial of service. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-7500](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7500>) \n** DESCRIPTION: **rpm could allow a local attacker to launch a symlink attack, caused by the improper handling of RPM installations when a destination path was a symbolic link to a directory. A local authenticated attacker could exploit this vulnerability by creating a symbolic link from a temporary file to directories, which could allow the attacker to gain root privileges on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132733](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132733>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-16931](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931>) \n** DESCRIPTION: **Xmlsoft libxml2 is vulnerable to a buffer overflow, caused by improper handling of parameter-entity references in xmlParserHandlePEReference function. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135488](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135488>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4492](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a write access violation on destination operand in the libiberty demangler. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116386](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116386>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4491](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a stack-based buffer overflow, caused by an infinite recursion in d_print_comp in the libiberty demangler library. By sending a specially crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116385](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116385>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4490](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a write access violation in cp-demangle.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116384>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4489](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the demangling of virtual tables in method gnu_special. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116383](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116383>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free to array ktypevec if the libiberty demangler is called with a certain class signature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free if the libiberty demangler is called with a certain class signature. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116381](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116381>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-2226](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226>) \n** DESCRIPTION: **GNU Compiler Collection (GCC) is vulnerable to a buffer overflow, caused by an integer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the libiberty binary. By sending a specially crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/116380](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116380>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-20218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218>) \n** DESCRIPTION: **An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173900](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173900>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-10989](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989>) \n** DESCRIPTION: **SQLite is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by getNodeSize function in ext/rtree/rtree.c. By using a specially-crafted database, a remote attacker could overflow a buffer and cause unspecified impacts on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-9169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>) \n** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-4429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429>) \n** DESCRIPTION: **GNU C Library (glibc or libc6) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clntudp_call function within sunrpc/clnt_udp.c. By sending specially-crafted ICMP and UDP packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114024>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8983](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983>) \n** DESCRIPTION: **glibc is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the _IO_wstr_overflow function in libio/wstrops.c. A remote attacker could exploit the vulnerability to cause the application to crash or execute arbitrary code in the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-8982](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982>) \n** DESCRIPTION: **glibc is vulnerable to a stack-based buffer overflow, caused by an integer overflow, caused by an integer overflow in the strxfrm function function. By sending a specially crafted string, a remote attacker could exploit the vulnerability to cause the application to crash or execute arbitrary code in the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/126597](<https://exchange.xforce.ibmcloud.com/vulnerabilities/126597>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-28957](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957>) \n** DESCRIPTION: **lxml is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the defs.py script. A remote attacker could exploit this vulnerability using the HTML action attribute to inject malicious script into a Web page which would be executed in a victim\u2019s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim\u2019s cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198515>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41182](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the altField parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41183](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Datepicker widget. A remote attacker could exploit this vulnerability using the Text parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212276](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212276>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-41184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184>) \n** DESCRIPTION: **jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position() function. A remote attacker could exploit this vulnerability using the of parameter to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212277](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212277>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-7774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774>) \n** DESCRIPTION: **Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-23440](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23440>) \n** DESCRIPTION: **Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209431](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209431>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-22940](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207520](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207520>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2016-10540](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10540>) \n** DESCRIPTION: **Node.js minimatch module is vulnerable to a denial of service, caused by a flaw in the minimatch function. By using a specially-crafted value, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149140](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149140>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7768](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7768>) \n** DESCRIPTION: **Node.js grpc module is vulnerable to a denial of service, caused by a prototype pollution flaw by the loadPackageDefinition function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22930](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-28092](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092>) \n** DESCRIPTION: **Node.js is-svg module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex string, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198145>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29425](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-32838](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32838>) \n** DESCRIPTION: **lask-RESTX is vulnerable to a denial of service, caused by a regular expression flaw in email_regex. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209812>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-37714](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37714>) \n** DESCRIPTION: **jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the HTML and XML parser to get stuck, timeout, or throw unchecked exceptions resulting in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3795>) \n** DESCRIPTION: **semver-regex is vulnerable to a denial of service, caused by the inefficient regular expression complexity. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2008-3103](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103>) \n** DESCRIPTION: **The Java Management Extensions (JMX) management agent included in the Sun Java Runtime Environment (JRE) could allow a remote attacker to bypass security restrictions, caused by an unspecified error. If local monitoring is enabled, a JMX client could exploit this vulnerability and perform unauthorized actions on a system running JMX. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43669>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-3109](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to gain unauthorized access to the system, caused by an error related to scripting language support. By persuading a victim to download an untrusted applet or application, a remote attacker could read and write local files or execute local applications that are accessible to the victim. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43660>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-5347](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow untrusted applets and applications to gain elevated privileges on the system, caused by multiple unspecified vulnerabilities regarding the JAX-WS and JAXB packages. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47068](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47068>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-35567](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35567>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2015-4041](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4041>) \n** DESCRIPTION: **coreutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the src/sort.c. By persuading a victim to run a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103307>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-42378](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern in the getvar_i function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213531>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the next_input_file function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42380](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the clrvar function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42381](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the hash_init function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42382](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the getvar_s function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213535](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213535>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42383](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the evaluate function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213536](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213536>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42384](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the handle_special function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213537](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213537>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the evaluate function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42386](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386>) \n** DESCRIPTION: **BusyBox could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in awk applet when processing a specially crafted awk pattern iin the nvalloc function. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1799](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a port redirection issue in the WebRTC component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain access to restricted ports on arbitrary servers. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195887](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195887>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-1801](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801>) \n** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to violate iframe sandboxing policy. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195886>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-22925](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain TELNET stack contents, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206051](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206051>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2017-7781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an elliptic curve point addition error when using mixed Jacobian-affine coordinates. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to compute an incorrect shared secret. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130176](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130176>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2018-18508](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in several CMS functions. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the server to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160205](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160205>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2016-9074](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could provide weaker than expected security, caused by an insufficient mitigation of timing side-channel attacks. An attacker could exploit this vulnerability to gain launch further attacks on the system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118942](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118942>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-12399](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a timing timing attack when performing DSA signatures. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to leak private keys and obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2015-8382](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382>) \n** DESCRIPTION: **PCRE could allow a remote attacker to obtain sensitive information, caused by the mishandling of the pattern and related patterns involving (*ACCEPT) by the match function. An attacker could exploit this vulnerability using a specially crafted regular expression to obtain sensitive information or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-37750](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in kdc/do_tgs_req.c in the Key Distribution Center (KDC). By sending a specially-crafted FAST TGS request with no server field, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208020>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42374](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374>) \n** DESCRIPTION: **BusyBox is vulnerable to a denial of service, caused by an out-of-bounds heap read in lzma/unlzma applet when specially crafted LZMA-compressed input is decompressed. A remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213527](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213527>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2021-22923](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22923>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to obtain sensitive information, caused by improper protection to user credentials by the metalink feature. By persuading a victim to connect a specially-crafted server, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206046](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206046>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3445](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3445>) \n** DESCRIPTION: **libdnf could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in signature verification functionality. By placing a signature in the main header, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-5827](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-7000](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by a pointer disclosure in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/129419](<https://exchange.xforce.ibmcloud.com/vulnerabilities/129419>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-7036](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7036>) \n** DESCRIPTION: **SQLite could allow a remote attacker to execute arbitrary code on the system, caused by a pointer error in the fts3_tokenizer function. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108154>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-28498](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498>) \n** DESCRIPTION: **Node.js Elliptic module could allow a local attacker to obtain sensitive information, caused by a flaw in the secp256k1 implementation in elliptic/ec/key.js. By sending a specially-crafted request using a number of ECDH operations, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196053](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196053>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-36085](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in cil_reset_classpermission . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36087](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a heap-based buffer over-read in ebitmap_match_any. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-6004](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004>) \n** DESCRIPTION: **Perl Compatible Regular Expressions (PCRE) is vulnerable to a denial of service, caused by a flaw in compile_bracket_matchingpath function in pcre_jit_compile.c. By supplying a specially-crafted regular expression, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/122097](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122097>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-9251](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2016-10735](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155339](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155339>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-14041](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/146467](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146467>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20676](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155338](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155338>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2018-20677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155337](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155337>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-10219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10219>) \n** DESCRIPTION: **Hibernate-Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SafeHtml validator annotation A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-11358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358>) \n** DESCRIPTION: **jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-8331](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8331>) \n** DESCRIPTION: **Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181349](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181349>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-11023](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023>) \n** DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181350](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181350>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-26926](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26926>) \n** DESCRIPTION: **JasPer is vulnerable to a denial of service, caused by an out-of-bounds read by the jp2_decode function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to disclose information or cause the application to crash. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2021-30689](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30689>) \n** DESCRIPTION: **Apple iOS and iPadOS are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the WebKit. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202346](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202346>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-30744](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30744>) \n** DESCRIPTION: **Apple iOS and iPadOS are vulnerable to universal cross-site scripting, caused by improper validation of user-supplied input by the WebKit component. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202342](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202342>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-7526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526>) \n** DESCRIPTION: **Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128271](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128271>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2008-1191](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191>) \n** DESCRIPTION: **Sun Java Web Start in Sun JDK and JRE could allow a remote attacker to gain elevated privileges, caused by an unspecified vulnerability which allows an untrusted application to assign additional permissions to itself. An attacker could exploit this vulnerability and gain elevated privileges to create arbitrary files on the system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/41136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/41136>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-26691](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mod_session. By sending a specially crafted SessionHeader, a remote attacker could overflow a buffer and cause a denial of service. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33560](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by improper handling of ElGamal encryption. By using side-channel attack techniques against mpi_powm, and the window size, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203266](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203266>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-35550](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35550>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2016-2779](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779>) \n** DESCRIPTION: **util-linux could allow a local attacker to gain elevated privileges on the system, caused by an error when executing a program via \"runuser -u nonpriv program\". An attacker could exploit this vulnerability using the TIOCSTI ioctl to hijack the tty and gain elevated privileges on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2015-5218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218>) \n** DESCRIPTION: **util-linux is vulnerable to a buffer overflow, caused by improper bounds checking by the page parameter in the text-utils/colcrt.c script. By parsing specially-crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/108550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781>) \n** DESCRIPTION: **util-linux could allow a local attacker to gain elevated privileges on the system, caused by an error when executing a program via \"chroot --userspec=someuser:somegroup / /path/to/test\". An attacker could exploit this vulnerability using the TIOCSTI ioctl to hijack the tty and gain elevated privileges on the system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/111088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111088>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2017-1000100](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100>) \n** DESCRIPTION: **cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL processing error when doing a TFTP transfer. By redirecting a libcurl-using client request to a TFTP URL containing an overly long file name and tricking the server to send private memory contents, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/130190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/130190>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-22939](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939>) \n** DESCRIPTION: **Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207233](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207233>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-36159](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36159>) \n** DESCRIPTION: **libfetch could allow a remote attacker to obtain sensitive information, caused by the an out-of-bounds read flaw when handling numeric strings for the FTP and HTTP protocols. By sending a specially-crafted input, an attacker could exploit this vulnerability to obtain sensitive information, or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206715](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206715>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-7751](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7751>) \n** DESCRIPTION: **Pathval could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190564](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190564>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358>) \n** DESCRIPTION: **Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the template function. By sending a specially-crafted argument using the variable property, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198958](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198958>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3711](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711>) \n** DESCRIPTION: **OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt() function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208072](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208072>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-25014](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an uninitialized variable in function ReadSymbol. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-18218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218>) \n** DESCRIPTION: **File is vulnerable to a heap-based buffer overflow, caused by improper improper bounds checking by the cdf_read_property_info function in cdf.c. By sending an overly large amount of CDF_VECTOR elements, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169693](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169693>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42574](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574>) \n** DESCRIPTION: **Unicode could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the bidirectional algorithm in the unicode specification. By creating a malicious patch containing well placed BiDi characters, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: This vulnerability also affects Rust. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3115](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3115>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a command injection flaw when using the go get command to fetch modules that make use of cgo. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195678](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195678>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-15088](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a buffer overflow, caused by improper bounds checking by the Distinguished Name (DN) fields in the get_matching_data and X509_NAME_oneline_ex functions. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135696](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135696>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2008-5352](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll). By persuading a victim to visit a malicious Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47062>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2008-5358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to execute arbitrary code on the system, caused by an error when parsing GIF image files. By persuading a victim to visit a specially-crafted Web site containing a malicious GIF file, a remote attacker could corrupt memory during a splash screen display and execute arbitrary code on the system with the privileges of the victim. \nCVSS Base score: 9.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47049>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C) \n \n** CVEID: **[CVE-2018-25009](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25009>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202260](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202260>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25010](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ApplyFilter. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25012>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202258](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202258>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2018-25013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25013>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ShiftBytes. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202257](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202257>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-36330](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ChunkVerifyAndAssign. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202251](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202251>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2020-36331](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331>) \n** DESCRIPTION: **Libwebp is vulnerable to a denial of service, caused by an out-of-bounds read in function ChunkAssignData. A remote attacker could exploit this vulnerability to gain sensitive information or cause the application to crash. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202250](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202250>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-29921](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921>) \n** DESCRIPTION: **Python is vulnerable to server-side request forgery, caused by improper input validation of octal strings in the stdlib ipaddress. By submitting a specially-crafted IP address to a web application, an attacker could exploit this vulnerability to conduct SSRF or local file include attacks. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201083](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201083>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-40438](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remote attacker could exploit this vulnerability to forward the request to an origin server chosen by the remote user. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-13057](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057>) \n** DESCRIPTION: **NetApp Data ONTAP operating in 7-Mode could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-28650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28650>) \n** DESCRIPTION: **GNOME gnome-autoar could allow a remote attacker to traverse directories on the system, caused by the lack of a check of whether a file's parent is a symlink in certain complex situations in autoar-extractor.c. n attacker can exploit this vulnerability to modify, create, or delete arbitrary files on the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2020-15719](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719>) \n** DESCRIPTION: **libldap in certain third-party OpenLDAP packages is vulnerable to a man-in-the-middle attack, caused by a certificate-validation flaw when asserting RFC6125 support. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185628](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185628>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-20284](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20284>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3572](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572>) \n** DESCRIPTION: **pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208954>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-42771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771>) \n** DESCRIPTION: **Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing \"dot dot\" sequences (/../) to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2015-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247>) \n** DESCRIPTION: **e2fsprogs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libext2fs library. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100740>) for the current score. \nCVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2008-3106](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to gain unauthorized access, caused by an error in XML data processing. By persuading a victim to download an untrusted applet or application, a remote attacker could gain unauthorized access to certain files and Web pages. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43658>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2008-3110](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) could allow a remote attacker to obtain sensitive information, caused by an error related to scripting language support. By persuading a victim to download an untrusted applet, a remote attacker could obtain information from another applet. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/43661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/43661>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2008-5349](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349>) \n** DESCRIPTION: **Sun Java Runtime Environment (JRE) is vulnerable to a denial of service, caused by an unspecified error while processing RSA public keys. A remote attacker could exploit this vulnerability using a specially-crafted RSA public key to consume all available CPU resources. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/47064](<https://exchange.xforce.ibmcloud.com/vulnerabilities/47064>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-2413](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92489](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92489>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2019-13750](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass defense-in-depth measures. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172986](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172986>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-13751](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by uninitialized use in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information from process memory. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172987>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-27291](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291>) \n** DESCRIPTION: **pygments is vulnerable to a denial of service. By persuading a victim to open a specially-crafted ODIN file using the \"<\" character, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198308](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198308>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-30682](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30682>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to user sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-16879](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c. By persuading a victim to open a specially crafted terminfo file, an remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135309](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135309>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-2059](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059>) \n** DESCRIPTION: **libidn could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read with stringprep functions on invalid UTF-8. An attacker could exploit this vulnerability to obtain sensitive information from an application using the libidn library. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/104409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-9633](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9633>) \n** DESCRIPTION: **GNOME GLib is vulnerable to a denial of service, caused by the failure to ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-1938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938>) \n** DESCRIPTION: **Mozilla Firefox could provide weaker than expected security, caused by the creation of incorrect calculations in certain cases by the Network Security Services (NSS) mp_div() and mp_exptmod() functions. An attacker could exploit this vulnerability to create cryptographic weaknesses. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110190](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110190>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-4483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing a specially crafted XML file if recover mode is used. By persuading a victim to open a specially crafted XML file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114279](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114279>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-3189](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189>) \n** DESCRIPTION: **Bzip2 is vulnerable to a denial of service, caused by a use-after-free error in the bzip2recover. By persuading a victim to open a specially-crafted bzip2 file, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-13752](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in SQLite. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-13753](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in SQLite. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-2697](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697>) \n** DESCRIPTION: **MIT Kerberos is vulnerable to a denial of service. By sending a TGS request with a specially crafted realm field beginning with a null byte, a remote authenticated attacker could exploit this vulnerability to cause the KDC to crash. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107876>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-42375](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375>) \n** DESCRIPTION: **BusyBox is vulnerable to a denial of service, caused by the incorrect handling of a special element in ash applet when processing a specially crafted shell command. A local authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213528](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213528>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-1010266](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266>) \n** DESCRIPTION: **Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By sending an overly long string, a local attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168402](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168402>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-27645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by double-free in the nameserver caching daemon (nscd). By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-5186](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186>) \n** DESCRIPTION: **Linux Audit Framework could allow a local attacker to obtain sensitive information, caused by the improper handling of escape sequences. An attacker could exploit this vulnerability using the ausearch program to obtain sensitive information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/105894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/105894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-8623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623>) \n** DESCRIPTION: **cURL/libcurl could allow a local attacker to obtain sensitive information, caused by an use-after-free error. By using another thread to structs original cookie together with its strings, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-8035](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xz_decomp function. By using specially-crafted XML data, a local attacker could exploit this vulnerability to cause the process to hang. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/107845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2016-6153](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6153>) \n** DESCRIPTION: **SQLite could allow a local attacker to gain elevated privileges on the system, caused by the creation of temporary files in directory with insecure permissions. An attacker could exploit this vulnerability to obtain leaked data. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/114715](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114715>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-26690](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690>) \n** DESCRIPTION: **Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference. A remote attacker could exploit this vulnerability using a specially crafted Cookie header handled by mod_session to cause the system to crash. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203464](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203464>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-4042](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4042>) \n** DESCRIPTION: **GNU Coreutils is vulnerable to a buffer overflow, caused by improper bounds checking by the keycompare_mb(). By sending an overly long argument, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150816](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150816>) for the current score. \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-1563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sending an overly large number of messages to be decrypted, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167022>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-1968](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on all encrypted communications sent over that TLS connection. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187977](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187977>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-16429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16429>) \n** DESCRIPTION: **GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149332](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149332>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17594](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17595](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-29623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623>) \n** DESCRIPTION: **Apple macOS, iOS, iPadOS and tvOS could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in WebKit Storage component. By sending a specially-crafted request, an attacker could exploit this vulnerability to fully delete browsing history. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199361>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3200](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3200>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a buffer overflow in the testcase_read function. By persuading a victim to open a specially file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203837](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203837>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13734](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the _nc_safe_strcat function in strings.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131062>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the fmt_entry function in progs/dump_entry.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131061](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131061>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the dump_uses function in progs/dump_entry.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131060](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131060>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13731](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the postprocess_termcap function in parse_entry.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131059](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131059>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the _nc_read_entry_source function in progs/tic.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-13729](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729>) \n** DESCRIPTION: **Ncurses is vulnerable to a denial of service, caused by an illegal address access in the _nc_save_str function in alloc_entry.c. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/131056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/131056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2708](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2708>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Berkeley DB related to the Data Store component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-13012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012>) \n** DESCRIPTION: **GNOME GLib could allow a local attacker to bypass security restrictions, caused by improper permission control in the keyfile settings backend. An attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2017-7244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by an invalid memory read flaw in the _pcre32_xclass function in pcre_xclass.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123729](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123729>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14567](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by an error in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-14404](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference in the xpath.c:xmlXPathCompOpEval() function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147260](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147260>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-19956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-20388](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-8740](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the src/build.c, src/prepare.c. By using a corrupted SQLite3 database file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140476](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140476>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-15286](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15286>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in tableColumnList in shell.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133477](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133477>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-3601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3601>) \n** DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA cert. An attacker could exploit this vulnerability for MITM to any connection from the victim machine. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213731](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213731>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-20266](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20266>) \n** DESCRIPTION: **RPM Project RPM is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the hdrblobInit function in lib/header.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201041](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201041>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2015-0837](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0837>) \n** DESCRIPTION: **Libgcrypt could allow a local attacker to obtain sensitive information, caused by a side-channel attack on data-dependent timing variations. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 2.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110054](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110054>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2017-7407](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407>) \n** DESCRIPTION: **curl could allow a physical attacker to obtain sensitive information, caused by an error in the ourWriteOut function in tool_writeout.c. By reading a workstation screen during use of a --write-out argument ending in a '%' character, an attacker could exploit this vulnerability to obtain sensitive information from process memory. \nCVSS Base score: 2.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125384](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125384>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-1606](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606>) \n** DESCRIPTION: **GnuPG2 is vulnerable to a denial of service, caused by a use-after-free error in build-packet.c when rejecting packets that don't belong into a keyring. By sending specially-crafted data packets, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 1.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101024](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101024>) for the current score. \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2015-1607](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607>) \n** DESCRIPTION: **gnupg2 could allow a local attacker to obtain sensitive information, caused by an information leak in keybox_search.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 1.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101025](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101025>) for the current score. \nCVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.8.1.0 \nCloud Pak for Security (CP4S)| 1.8.0.0 \nCloud Pak for Security (CP4S)| 1.7.2.0 \n \n\n\n## Remediation/Fixes\n\nPlease upgrade to CP4S 1.9.0.0 following instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.9?topic=installing-upgrading-cloud-pak-security-from-18>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Dec 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTDPP\",\"label\":\"IBM Cloud Pak for Security\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.8.1.0, 1.8.0.0, 1.7.2.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T10:19:34", "type": "ibm", "title": "Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3716", "CVE-2008-1191", "CVE-2008-3103", "CVE-2008-3105", "CVE-2008-3106", "CVE-2008-3109", "CVE-2008-3110", "CVE-2008-5347", "CVE-2008-5349", "CVE-2008-5352", "CVE-2008-5358", "CVE-2014-0452", "CVE-2014-2413", "CVE-2015-0247", "CVE-2015-0837", "CVE-2015-1606", "CVE-2015-1607", "CVE-2015-2059", "CVE-2015-2695", "CVE-2015-2696", "CVE-2015-2697", "CVE-2015-3153", "CVE-2015-4041", "CVE-2015-4042", "CVE-2015-5186", "CVE-2015-5218", "CVE-2015-5276", "CVE-2015-7036", "CVE-2015-8035", "CVE-2015-8382", "CVE-2015-8948", "CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2015-8985", "CVE-2015-9251", "CVE-2016-0755", "CVE-2016-10254", "CVE-2016-10255", "CVE-2016-10540", "CVE-2016-10707", "CVE-2016-10735", "CVE-2016-1234", "CVE-2016-1938", "CVE-2016-1951", "CVE-2016-2226", "CVE-2016-2779", "CVE-2016-2781", "CVE-2016-3189", "CVE-2016-4008", "CVE-2016-4429", "CVE-2016-4472", "CVE-2016-4483", "CVE-2016-4487", "CVE-2016-4488", "CVE-2016-4489", "CVE-2016-4490", "CVE-2016-4491", "CVE-2016-4492", "CVE-2016-4493", "CVE-2016-4984", "CVE-2016-5300", "CVE-2016-6153", "CVE-2016-6261", "CVE-2016-6262", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8621", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9074", "CVE-2016-9318", "CVE-2016-9574", "CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000254", "CVE-2017-10140", "CVE-2017-10684", "CVE-2017-10685", "CVE-2017-10790", "CVE-2017-10989", "CVE-2017-11112", "CVE-2017-11113", "CVE-2017-11164", "CVE-2017-11462", "CVE-2017-13685", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-13730", "CVE-2017-13731", "CVE-2017-13732", "CVE-2017-13733", "CVE-2017-13734", "CVE-2017-14062", "CVE-2017-15088", "CVE-2017-15286", "CVE-2017-15671", "CVE-2017-16879", "CVE-2017-16931", "CVE-2017-16932", "CVE-2017-18018", "CVE-2017-6004", "CVE-2017-6891", "CVE-2017-7000", "CVE-2017-7244", "CVE-2017-7245", "CVE-2017-7246", "CVE-2017-7407", "CVE-2017-7500", "CVE-2017-7501", "CVE-2017-7526", "CVE-2017-7607", "CVE-2017-7608", "CVE-2017-7609", "CVE-2017-7610", "CVE-2017-7611", "CVE-2017-7612", "CVE-2017-7613", "CVE-2017-7781", "CVE-2017-8817", "CVE-2017-9233", "CVE-2018-12700", "CVE-2018-14041", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-16429", "CVE-2018-16435", "CVE-2018-17101", "CVE-2018-18074", "CVE-2018-18508", "CVE-2018-20483", "CVE-2018-20676", "CVE-2018-20677", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2018-3721", "CVE-2018-6003", "CVE-2018-8740", "CVE-2018-9234", "CVE-2019-1010266", "CVE-2019-10219", "CVE-2019-11358", "CVE-2019-13012", "CVE-2019-13050", "CVE-2019-13057", "CVE-2019-13115", "CVE-2019-13117", "CVE-2019-13565", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-1563", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-18276", "CVE-2019-18874", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19880", "CVE-2019-19906", "CVE-2019-19924", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20838", "CVE-2019-2708", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-5827", "CVE-2019-8331", "CVE-2019-8457", "CVE-2019-9169", "CVE-2019-9633", "CVE-2019-9924", "CVE-2020-10001", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-12399", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-13558", "CVE-2020-13631", "CVE-2020-13645", "CVE-2020-13956", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-15719", "CVE-2020-16135", "CVE-2020-1752", "CVE-2020-1968", "CVE-2020-24025", "CVE-2020-24370", "CVE-2020-24870", "CVE-2020-24977", "CVE-2020-25219", "CVE-2020-25709", "CVE-2020-25710", "CVE-2020-26154", "CVE-2020-27828", "CVE-2020-27918", "CVE-2020-28168", "CVE-2020-28196", "CVE-2020-28498", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29623", "CVE-2020-35448", "CVE-2020-35492", "CVE-2020-36221", "CVE-2020-36222", "CVE-2020-36223", "CVE-2020-36224", "CVE-2020-36225", "CVE-2020-36226", "CVE-2020-36227", "CVE-2020-36228", "CVE-2020-36229", "CVE-2020-36230", "CVE-2020-36241", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-7595", "CVE-2020-7751", "CVE-2020-7768", "CVE-2020-7774", "CVE-2020-8285", "CVE-2020-8908", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20270", "CVE-2021-20284", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-22924", "CVE-2021-22925", "CVE-2021-22930", "CVE-2021-22931", "CVE-2021-22939", "CVE-2021-22940", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23358", "CVE-2021-23440", "CVE-2021-23840", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-26926", "CVE-2021-26927", "CVE-2021-27212", "CVE-2021-27291", "CVE-2021-27645", "CVE-2021-28092", "CVE-2021-28153", "CVE-2021-28650", "CVE-2021-28957", "CVE-2021-29059", "CVE-2021-29425", "CVE-2021-29921", "CVE-2021-30641", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-3115", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-32838", "CVE-2021-33503", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-3572", "CVE-2021-35942", "CVE-2021-3601", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36159", "CVE-2021-36222", "CVE-2021-3672", "CVE-2021-3711", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3765", "CVE-2021-37714", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3795", "CVE-2021-3796", "CVE-2021-38185", "CVE-2021-40438", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-42374", "CVE-2021-42375", "CVE-2021-42378", "CVE-2021-42379", "CVE-2021-42380", "CVE-2021-42381", "CVE-2021-42382", "CVE-2021-42383", "CVE-2021-42384", "CVE-2021-42385", "CVE-2021-42386", "CVE-2021-42574", "CVE-2021-42771"], "modified": "2022-01-28T10:19:34", "id": "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "href": "https://www.ibm.com/support/pages/node/6551876", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2016-05-12T20:56:11", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: glibc-2.22-16.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706"], "modified": "2016-05-12T20:56:11", "id": "FEDORA:578A16269671", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WENVYEYN5OSQXJQV7L4TQOKH3BODV6PB/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T18:01:37", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: glibc-2.22-15.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9761", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-1234", "CVE-2016-3075"], "modified": "2016-05-10T18:01:37", "id": "FEDORA:64A9D6098B14", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ICIY2WE4MCXHRVFZPY24JZKPAXG4PDIZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:46:42", "description": "Stack-based buffer overflow in the getaddrinfo function in\nsysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)\nallows remote attackers to cause a denial of service (crash) via vectors\ninvolving hostent conversion. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2013-4458.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=20010>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1330887>\n * <https://bugs.launchpad.net/bugs/1674776>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | other versions of fixes in glibc bug report reverted in Ubuntu 12.04 LTS due to breaking IPv6 name resolution\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2016-06-10T00:00:00", "type": "ubuntucve", "title": "CVE-2016-3706", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706"], "modified": "2016-06-10T00:00:00", "id": "UB:CVE-2016-3706", "href": "https://ubuntu.com/security/CVE-2016-3706", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:46:45", "description": "Stack-based buffer overflow in the glob implementation in GNU C Library\n(aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows\ncontext-dependent attackers to cause a denial of service (crash) via a long\nname.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=19779>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1234>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | see glibc bug for reproducer requires malicious fs layout\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-06-01T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1234", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234"], "modified": "2016-06-01T00:00:00", "id": "UB:CVE-2016-1234", "href": "https://ubuntu.com/security/CVE-2016-1234", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:47:32", "description": "Stack-based buffer overflow in the nss_dns implementation of the\ngetnetbyname function in GNU C Library (aka glibc) before 2.24 allows\ncontext-dependent attackers to cause a denial of service (stack consumption\nand application crash) via a long name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-31T00:00:00", "type": "ubuntucve", "title": "CVE-2016-3075", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2016-03-31T00:00:00", "id": "UB:CVE-2016-3075", "href": "https://ubuntu.com/security/CVE-2016-3075", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2021-06-08T19:14:50", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-14T00:00:00", "type": "f5", "title": "SOL05125306 - glibc vulnerability CVE-2016-1234", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234"], "modified": "2016-07-14T00:00:00", "id": "SOL05125306", "href": "http://support.f5.com/kb/en-us/solutions/public/k/05/sol05125306.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:05", "description": "\nF5 Product Development has assigned INSTALLER-2542 (Traffix SDC) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 5.0.0 \n4.0.0 - 4.4.0| None| Low| glibc\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-14T21:03:00", "type": "f5", "title": "glibc vulnerability CVE-2016-1234", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234"], "modified": "2017-03-10T00:27:00", "id": "F5:K05125306", "href": "https://support.f5.com/csp/article/K05125306", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-06-28T14:42:42", "description": "\nF5 Product Development has assigned ID 587756 (BIG-IP), ID 588204 (BIG-IQ), ID 588208 (Enterprise Manager), and ID 476571 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H15439022 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP AAM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.3 | None | Low | glibc \nBIG-IP AFM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.3.0 - 11.6.3 | None | Low | glibc \nBIG-IP Analytics | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 | None | Low | glibc \nBIG-IP APM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP ASM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP DNS | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 | None | Low | glibc \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP GTM | 11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP Link Controller | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.0.0 - 11.6.3 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP PEM | 13.0.0 - 13.1.0 \n12.0.0 - 12.1.3 \n11.3.0 - 11.6.3 | None | Low | glibc \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | glibc \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Low | glibc \nARX | 6.0.0 - 6.4.0 | None | Low | glibc \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Low | glibc \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | glibc \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | glibc \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | glibc \nBIG-IQ ADC | 4.5.0 | None | Low | glibc \nBIG-IQ Centralized Management | 4.6.0 | None | Low | glibc \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | glibc \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 MobileSafe | None | 1.0.0 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\nTo mitigate this vulnerability for BIG-IP, BIG-IQ, and Enterprise Manager, you can remove references to the vulnerable function in any configured custom monitors and disable DNS for networks in the **/etc/nsswitch.conf **file. Additionally, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For more information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nARX\n\nTo mitigate this vulnerability for ARX, you can disable DNS for networks in the Name Service Switch configuration.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-23T19:54:00", "type": "f5", "title": "glibc vulnerability CVE-2016-3075", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2018-01-25T23:13:00", "id": "F5:K15439022", "href": "https://support.f5.com/csp/article/K15439022", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:45:12", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nBIG-IP, BIG-IQ, and Enterprise Manager\n\nTo mitigate this vulnerability for BIG-IP, BIG-IQ, and Enterprise Manager, you can remove references to the vulnerable function in any configured custom monitors and disable DNS for networks in the **/etc/nsswitch.conf **file. Additionally, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For more information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nARX\n\nTo mitigate this vulnerability for ARX, you can disable DNS for networks in the Name Service Switch configuration.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-23T00:00:00", "type": "f5", "title": "SOL15439022 - glibc vulnerability CVE-2016-3075", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2016-06-14T00:00:00", "id": "SOL15439022", "href": "http://support.f5.com/kb/en-us/solutions/public/k/15/sol15439022.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:50", "description": "\nF5 Product Development has assigned ID 602288 (BIG-IP), ID 602550 (BIG-IQ and F5 iWorkflow), ID 602551 (Enterprise Manager), ID 476571 (ARX), and INSTALLER-2517 (Traffix SDC) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H608114 on the **Diagnostics** > **Identified** > **Low** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 14.1.0 | Low | glibc \nBIG-IP AAM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | 14.1.0 | Low | glibc \nBIG-IP AFM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | 14.1.0 | Low | glibc \nBIG-IP Analytics | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 | 14.1.0 | Low | glibc \nBIG-IP APM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 14.1.0 | Low | glibc \nBIG-IP ASM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 14.1.0 | Low | glibc \nBIG-IP DNS | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 | 14.1.0 | Low | glibc \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | glibc \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | glibc \nBIG-IP Link Controller | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 14.1.0 | Low | glibc \nBIG-IP PEM | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.4.0 - 11.6.1 | 14.1.0 | Low | glibc \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Low | glibc \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | glibc \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | glibc \nBIG-IP WebSafe | 14.0.0 \n13.0.0 - 13.1.1 \n12.0.0 - 12.1.3 \n11.6.0 - 11.6.1 | 14.1.0 | Low | glibc \nARX | 6.2.0 - 6.4.0 | None | Low | glibc \nEnterprise Manager | 3.1.1 | None | Low | glibc \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | glibc \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | glibc \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | glibc \nBIG-IQ ADC | 4.5.0 | None | Low | glibc \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | None | Low | glibc \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | glibc \nF5 iWorkflow | 2.0.0 | None | Low | glibc \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 \n4.0.0 - 4.4.0 | None | Low | glibc \n \nF5 will not develop a fix for vulnerable products that do not already have a fixed version listed in this article, and will not update this table with subsequent vulnerable releases in the associated branches. F5 recommends that you update to more recent, non-vulnerable versions whenever feasible. For more information, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2016-08-05T20:12:00", "type": "f5", "title": "glibc vulnerability CVE-2016-3706", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706", "CVE-2013-4458"], "modified": "2019-09-26T18:32:00", "id": "F5:K06493172", "href": "https://support.f5.com/csp/article/K06493172", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-06-08T18:45:13", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2016-08-05T00:00:00", "type": "f5", "title": "SOL06493172 - glibc vulnerability CVE-2016-3706", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706", "CVE-2013-4458"], "modified": "2016-11-02T00:00:00", "id": "SOL06493172", "href": "http://support.f5.com/kb/en-us/solutions/public/k/06/sol06493172.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:31:39", "description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T20:59:00", "type": "cve", "title": "CVE-2016-1234", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234"], "modified": "2021-09-01T18:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:23", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-1234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1234", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:16:24", "description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T20:59:00", "type": "cve", "title": "CVE-2016-3075", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:fedoraproject:fedora:23", "cpe:/a:gnu:glibc:2.23", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "CVE-2016-3075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3075", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:37:05", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-10T15:59:00", "type": "cve", "title": "CVE-2016-3706", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4458", "CVE-2016-3706"], "modified": "2020-10-29T20:19:00", "cpe": ["cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2016-3706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-07-04T05:59:14", "description": "Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T20:59:00", "type": "debiancve", "title": "CVE-2016-1234", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1234"], "modified": "2016-06-01T20:59:00", "id": "DEBIANCVE:CVE-2016-1234", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1234", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T05:59:14", "description": "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T20:59:00", "type": "debiancve", "title": "CVE-2016-3075", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2016-06-01T20:59:00", "id": "DEBIANCVE:CVE-2016-3075", "href": "https://security-tracker.debian.org/tracker/CVE-2016-3075", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-04T05:59:14", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-10T15:59:00", "type": "debiancve", "title": "CVE-2016-3706", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4458", "CVE-2016-3706"], "modified": "2016-06-10T15:59:00", "id": "DEBIANCVE:CVE-2016-3706", "href": "https://security-tracker.debian.org/tracker/CVE-2016-3706", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T16:06:22", "description": "**CentOS Errata and Security Advisory** CESA-2016:2573\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include \"networks: dns\" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/016093.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2573", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-25T15:25:38", "type": "centos", "title": "glibc, nscd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2016-11-25T15:25:38", "id": "CESA-2016:2573", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2016-November/016093.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:44:36", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include \"networks: dns\" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)\n\nThis issue was discovered by Florian Weimer (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-03T06:07:14", "type": "redhat", "title": "(RHSA-2016:2573) Low: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2018-04-11T23:32:39", "id": "RHSA-2016:2573", "href": "https://access.redhat.com/errata/RHSA-2016:2573", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:27:33", "description": "**Issue Overview:**\n\nA stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include \"networks: dns\" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution.\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 glibc-devel-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-headers-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-utils-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-common-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-debuginfo-common-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 nscd-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-static-2.17-157.169.amzn1.i686 \n \u00a0\u00a0\u00a0 glibc-debuginfo-2.17-157.169.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 glibc-2.17-157.169.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 glibc-debuginfo-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-utils-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 nscd-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-devel-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-debuginfo-common-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-static-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-headers-2.17-157.169.amzn1.x86_64 \n \u00a0\u00a0\u00a0 glibc-common-2.17-157.169.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-06T18:00:00", "type": "amazon", "title": "Low: glibc", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3075"], "modified": "2017-02-06T18:00:00", "id": "ALAS-2017-792", "href": "https://alas.aws.amazon.com/ALAS-2017-792.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "android": [{"lastseen": "2021-07-28T14:34:30", "description": "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.", "edition": 2, "cvss3": {}, "published": "2017-12-01T00:00:00", "title": "CVE-2016-3706", "type": "android", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3706", "CVE-2013-4458"], "modified": "2019-07-26T00:00:00", "id": "ANDROID:CVE-2016-3706", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-3706.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:15:22", "description": "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, \nthe fix for CVE-2016-3706 introduced a regression that in some \ncircumstances prevented IPv6 addresses from resolving. This update \nreverts the change in Ubuntu 12.04 LTS. We apologize for the error.\n\nOriginal advisory details:\n\nIt was discovered that the GNU C Library incorrectly handled the \nstrxfrm() function. An attacker could use this issue to cause a denial \nof service or possibly execute arbitrary code. This issue only affected \nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the \n_IO_wstr_overflow() function of the GNU C Library. An attacker could \nuse this to cause a denial of service or possibly execute arbitrary \ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 \nLTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library \ndid not properly handle certain malformed patterns. An attacker could \nuse this to cause a denial of service. This issue only affected Ubuntu \n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the \nglob implementation of the GNU C Library. An attacker could use this \nto specially craft a directory layout and cause a denial of service. \n(CVE-2016-1234)\n\nMichael Petlan discovered an unbounded stack allocation in the \ngetaddrinfo() function of the GNU C Library. An attacker could use \nthis to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc \nimplementation in the GNU C Library. An attacker could use this to \ncause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the \nGNU C Library did not properly track memory allocations. An attacker \ncould use this to cause a denial of service. This issue only affected \nUbuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit \nplatforms did not properly set up execution contexts. An attacker \ncould use this to cause a denial of service. (CVE-2016-6323)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-24T00:00:00", "type": "ubuntu", "title": "GNU C Library regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8983", "CVE-2015-8984", "CVE-2016-3706", "CVE-2016-5417", "CVE-2016-4429", "CVE-2016-1234", "CVE-2016-6323", "CVE-2015-8982"], "modified": "2017-03-24T00:00:00", "id": "USN-3239-3", "href": "https://ubuntu.com/security/notices/USN-3239-3", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:15:33", "description": "It was discovered that the GNU C Library incorrectly handled the \nstrxfrm() function. An attacker could use this issue to cause a denial \nof service or possibly execute arbitrary code. This issue only affected \nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the \n_IO_wstr_overflow() function of the GNU C Library. An attacker could \nuse this to cause a denial of service or possibly execute arbitrary \ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 \nLTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library \ndid not properly handle certain malformed patterns. An attacker could \nuse this to cause a denial of service. This issue only affected Ubuntu \n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the \nglob implementation of the GNU C Library. An attacker could use this \nto specially craft a directory layout and cause a denial of service. \n(CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS \nresolver of the GNU C Library. An attacker could use this to cause \na denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the \ngetaddrinfo() function of the GNU C Library. An attacker could use \nthis to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc \nimplementation in the GNU C Library. An attacker could use this to \ncause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the \nGNU C Library did not properly track memory allocations. An attacker \ncould use this to cause a denial of service. This issue only affected \nUbuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit \nplatforms did not properly set up execution contexts. An attacker \ncould use this to cause a denial of service. (CVE-2016-6323)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-21T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8983", "CVE-2015-8984", "CVE-2016-3706", "CVE-2016-5417", "CVE-2016-4429", "CVE-2016-1234", "CVE-2016-6323", "CVE-2015-5180", "CVE-2015-8982"], "modified": "2017-03-21T00:00:00", "id": "USN-3239-1", "href": "https://ubuntu.com/security/notices/USN-3239-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:15:33", "description": "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, \nthe fix for CVE-2015-5180 introduced an internal ABI change within \nthe resolver library. This update reverts the change. We apologize \nfor the inconvenience.\n\nPlease note that long-running services that were restarted to compensate \nfor the USN-3239-1 update may need to be restarted again.\n\nOriginal advisory details:\n\nIt was discovered that the GNU C Library incorrectly handled the \nstrxfrm() function. An attacker could use this issue to cause a denial \nof service or possibly execute arbitrary code. This issue only affected \nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the \n_IO_wstr_overflow() function of the GNU C Library. An attacker could \nuse this to cause a denial of service or possibly execute arbitrary \ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 \nLTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library \ndid not properly handle certain malformed patterns. An attacker could \nuse this to cause a denial of service. This issue only affected Ubuntu \n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the \nglob implementation of the GNU C Library. An attacker could use this \nto specially craft a directory layout and cause a denial of service. \n(CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS \nresolver of the GNU C Library. An attacker could use this to cause \na denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the \ngetaddrinfo() function of the GNU C Library. An attacker could use \nthis to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc \nimplementation in the GNU C Library. An attacker could use this to \ncause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the \nGNU C Library did not properly track memory allocations. An attacker \ncould use this to cause a denial of service. This issue only affected \nUbuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit \nplatforms did not properly set up execution contexts. An attacker \ncould use this to cause a denial of service. (CVE-2016-6323)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-21T00:00:00", "type": "ubuntu", "title": "GNU C Library Regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8983", "CVE-2015-8984", "CVE-2016-3706", "CVE-2016-5417", "CVE-2016-4429", "CVE-2016-1234", "CVE-2016-6323", "CVE-2015-5180", "CVE-2015-8982"], "modified": "2017-03-21T00:00:00", "id": "USN-3239-2", "href": "https://ubuntu.com/security/notices/USN-3239-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:27:12", "description": "USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for \nCVE-2014-9761 introduced a regression which affected applications that \nuse the libm library but were not fully restarted after the upgrade. \nThis update removes the fix for CVE-2014-9761 and a future update \nwill be provided to address this issue.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not \nproperly check permissions for tty files. A local attacker could use this \nto gain administrative privileges or expose sensitive information. \n(CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in \nthe GNU C Library did not properly manage its file descriptors. An attacker \ncould use this to cause a denial of service (infinite loop). \n(CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long \narguments to functions returning a representation of Not a Number (NaN). An \nattacker could use this to cause a denial of service (stack exhaustion \nleading to an application crash) or possibly execute arbitrary code. \n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the \nGNU C Library did not properly account buffer sizes when passed an \nunaligned buffer. An attacker could use this to cause a denial of service \nor possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service \nSwitch (NSS) implementation in the GNU C Library did not handle long \nlines in the files databases correctly. A local attacker could use \nthis to cause a denial of service (application crash) or possibly \nexecute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did \nnot properly handle out-of-range argument data. An attacker could use this \nto cause a denial of service (application crash) or possibly expose \nsensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed \nthe pointer-guarding protection mechanism to be disabled by honoring the \nLD_POINTER_GUARD environment variable across privilege boundaries. A local \nattacker could use this to exploit an existing vulnerability more easily. \n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library \ndid not properly check its size argument, leading to an integer overflow. \nAn attacker could use to cause a denial of service (application crash) or \npossibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the \ncatopen function in the GNU C Library when handling long catalog names. An \nattacker could use this to cause a denial of service (application crash) or \npossibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C \nLibrary did not properly handle long names passed as arguments. An attacker \ncould use to cause a denial of service (stack exhaustion leading to an \napplication crash). (CVE-2016-3075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-26T00:00:00", "type": "ubuntu", "title": "GNU C Library regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9761", "CVE-2015-8779", "CVE-2015-8776", "CVE-2016-3075", "CVE-2015-1781", "CVE-2015-5277", "CVE-2016-2856", "CVE-2014-8121", "CVE-2015-8777", "CVE-2015-8778", "CVE-2013-2207"], "modified": "2016-05-26T00:00:00", "id": "USN-2985-2", "href": "https://ubuntu.com/security/notices/USN-2985-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:27:13", "description": "Martin Carpenter discovered that pt_chown in the GNU C Library did not \nproperly check permissions for tty files. A local attacker could use this \nto gain administrative privileges or expose sensitive information. \n(CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in \nthe GNU C Library did not properly manage its file descriptors. An attacker \ncould use this to cause a denial of service (infinite loop). \n(CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long \narguments to functions returning a representation of Not a Number (NaN). An \nattacker could use this to cause a denial of service (stack exhaustion \nleading to an application crash) or possibly execute arbitrary code. \n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the \nGNU C Library did not properly account buffer sizes when passed an \nunaligned buffer. An attacker could use this to cause a denial of service \nor possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service \nSwitch (NSS) implementation in the GNU C Library did not handle long \nlines in the files databases correctly. A local attacker could use \nthis to cause a denial of service (application crash) or possibly \nexecute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did \nnot properly handle out-of-range argument data. An attacker could use this \nto cause a denial of service (application crash) or possibly expose \nsensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed \nthe pointer-guarding protection mechanism to be disabled by honoring the \nLD_POINTER_GUARD environment variable across privilege boundaries. A local \nattacker could use this to exploit an existing vulnerability more easily. \n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library \ndid not properly check its size argument, leading to an integer overflow. \nAn attacker could use to cause a denial of service (application crash) or \npossibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the \ncatopen function in the GNU C Library when handling long catalog names. An \nattacker could use this to cause a denial of service (application crash) or \npossibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C \nLibrary did not properly handle long names passed as arguments. An attacker \ncould use to cause a denial of service (stack exhaustion leading to an \napplication crash). (CVE-2016-3075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-25T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9761", "CVE-2015-8779", "CVE-2015-8776", "CVE-2016-3075", "CVE-2015-1781", "CVE-2015-5277", "CVE-2016-2856", "CVE-2014-8121", "CVE-2015-8777", "CVE-2015-8778", "CVE-2013-2207"], "modified": "2016-05-25T00:00:00", "id": "USN-2985-1", "href": "https://ubuntu.com/security/notices/USN-2985-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:05:40", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information, or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.23-r3\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-19T00:00:00", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9761", "CVE-2015-5277", "CVE-2015-8776", "CVE-2015-8777", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-1234", "CVE-2016-3075"], "modified": "2017-02-19T00:00:00", "id": "GLSA-201702-11", "href": "https://security.gentoo.org/glsa/201702-11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-06-19T13:25:01", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for [CVE-2015-5180](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180>) introduced an internal ABI change within the resolver library.\n\nOriginal advisory details:\n\nIt was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. ([CVE-2015-8982](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8982>))\n\nIt was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. ([CVE-2015-8983](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8983>))\n\nIt was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. ([CVE-2015-8984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8984>))\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. ([CVE-2016-1234](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1234>))\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. ([CVE-2015-5180](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180>))\n\nMichael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. ([CVE-2016-3706](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3706>))\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. ([CVE-2016-4429](
[SECURITY] Fedora 24 Update: glibc-2.23.1-7.fc24
