Security Bulletin: IBM CICS TX Standard is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).

2023-02-14T21:14:53

Description

## Summary IBM CICS TX Standard is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918). The fix removes this vulnerability from IBM CICS TX Standard. ## Vulnerability Details ** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) ** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM CICS TX Standard| 11.1 ## Remediation/Fixes IBM strongly recommends addressing the vulnerability by downloading and applying the interim fix from the table below. Product | Version | Defect | Remediation / First Fix ---|---|---|--- IBM CICS TX Standard | 11.1 | 127799 | [Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> "Download the fix from here" ) ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	cics tx	11.1

{"id": "277816ECF65BDD7ABEFFBB92794961F948DCE3AD4AC5AB39251FD27F47EC1D1B", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918). The fix removes this vulnerability from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2023-02-14T21:14:53", "modified": "2023-02-14T21:14:53", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://www.ibm.com/support/pages/node/6833282", "reporter": "IBM", "references": [], "cvelist": ["CVE-2021-27918"], "immutableFields": [], "lastseen": "2023-02-15T01:33:10", "viewCount": 8, "enchantments": {"score": {"value": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:3076"]}, {"type": "amazon", "idList": ["ALAS2-2022-1830"]}, {"type": "cve", "idList": ["CVE-2021-27918", "CVE-2021-3703"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-27918"]}, {"type": "freebsd", "idList": ["72709326-81F7-11EB-950A-00155D646401"]}, {"type": "gentoo", "idList": ["GLSA-202208-02"]}, {"type": "ibm", "idList": ["1235191EB33863C1E482EB2FBE8EE07837715EFC366FA3ACAF8DD7BA16B54E47", "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "4E2C91D443B2D002C9237F719179663FBF30DE221B227E2997586AC4E37E0210", "5AB78A431B4AE4E03B1DE85F5B614AA79A9A48C4976977DA7F1E07BA0ACE69A6", "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "D910928648A66660B4EF26E5685D05C7C8D269DFFB0ACC4D4B2EDAFF261E4D46", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "E43687480718D62403FAE624926EF4DCB0A894AFF26C5E9C5F75A8D56B17B6E6"]}, {"type": "mageia", "idList": ["MGASA-2021-0369"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1830.NASL", "CENTOS8_RHSA-2021-3076.NASL", "EULEROS_SA-2021-1980.NASL", "EULEROS_SA-2021-2050.NASL", "EULEROS_SA-2021-2061.NASL", "EULEROS_SA-2021-2217.NASL", "FREEBSD_PKG_7270932681F711EB950A00155D646401.NASL", "GENTOO_GLSA-202208-02.NASL", "OPENSUSE-2021-480.NASL", "ORACLELINUX_ELSA-2021-3076.NASL", "ORACLELINUX_ELSA-2021-9267.NASL", "ORACLELINUX_ELSA-2021-9268.NASL", "PHOTONOS_PHSA-2021-3_0-0248_GO.NASL", "PHOTONOS_PHSA-2021-4_0-0013_GO.NASL", "REDHAT-RHSA-2021-3076.NASL", "SUSE_SU-2021-0937-1.NASL", "SUSE_SU-2021-0938-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3076", "ELSA-2021-9267", "ELSA-2021-9268"]}, {"type": "osv", "idList": ["OSV:GO-2021-0234"]}, {"type": "photon", "idList": ["PHSA-2021-0013", "PHSA-2021-0248", "PHSA-2021-0422", "PHSA-2021-3.0-0248", "PHSA-2021-4.0-0013"]}, {"type": "redhat", "idList": ["RHSA-2021:2704", "RHSA-2021:2705", "RHSA-2021:3076", "RHSA-2021:3555", "RHSA-2021:3556"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-27918", "RH:CVE-2021-3703", "RH:CVE-2021-3724"]}, {"type": "rocky", "idList": ["RLSA-2021:3076"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0480-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-27918"]}, {"type": "veracode", "idList": ["VERACODE:29664"]}]}, "affected_software": {"major_version": [{"name": "cics tx", "version": 11}]}, "epss": [{"cve": "CVE-2021-27918", "epss": "0.000810000", "percentile": "0.331100000", "modified": "2023-03-20"}], "vulnersScore": 1.1}, "_state": {"score": 1676425014, "dependencies": 1676424888, "affected_software_major_version": 1677380494, "epss": 1679338714}, "_internal": {"score_hash": "41b91fc15ed21481d89472697a97c6c2"}, "affectedSoftware": [{"version": "11.1", "operator": "eq", "name": "cics tx"}]}

{"debiancve": [{"lastseen": "2022-07-04T05:59:18", "description": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:15:00", "type": "debiancve", "title": "CVE-2021-27918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-03-11T00:15:00", "id": "DEBIANCVE:CVE-2021-27918", "href": "https://security-tracker.debian.org/tracker/CVE-2021-27918", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:45:56", "description": "This update for go1.15 fixes the following issues :\n\ngo1.15.10 (released 2021-03-11) (bsc#1175132)\n\ngo1.15.9 (released 2021-03-10) (bsc#1175132)\n\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0938-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.15", "p-cpe:/a:novell:suse_linux:go1.15-doc", "p-cpe:/a:novell:suse_linux:go1.15-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0938-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0938-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148168);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2021-27918\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:0938-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for go1.15 fixes the following issues :\n\ngo1.15.10 (released 2021-03-11) (bsc#1175132)\n\ngo1.15.9 (released 2021-03-10) (bsc#1175132)\n\n - CVE-2021-27918: Fixed an infinite loop when using\n xml.NewTokenDecoder with a custom TokenReader\n (bsc#1183333).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27918/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210938-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9acb6a57\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-938=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-938=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-938=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-938=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-938=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-938=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-938=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-938=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-938=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-938=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-938=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.15-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.15-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"go1.15-race-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"go1.15-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"go1.15-doc-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"go1.15-race-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"go1.15-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"go1.15-doc-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.15-race-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.15-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.15-doc-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", cpu:\"x86_64\", reference:\"go1.15-race-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"go1.15-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"go1.15-doc-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.15-race-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.15-1.15.10-1.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.15-doc-1.15.10-1.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.15\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:48:30", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9267 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-29T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : olcne (ELSA-2021-9267)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2022-09-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:conmon", "p-cpe:/a:oracle:linux:coredns", "p-cpe:/a:oracle:linux:cri-o", "p-cpe:/a:oracle:linux:cri-tools", "p-cpe:/a:oracle:linux:etcd", "p-cpe:/a:oracle:linux:flannel", "p-cpe:/a:oracle:linux:helm", "p-cpe:/a:oracle:linux:istio", "p-cpe:/a:oracle:linux:istio-istioctl", "p-cpe:/a:oracle:linux:istio-mixc", "p-cpe:/a:oracle:linux:istio-mixs", "p-cpe:/a:oracle:linux:istio-pilot-agent", "p-cpe:/a:oracle:linux:istio-pilot-discovery", "p-cpe:/a:oracle:linux:kata", "p-cpe:/a:oracle:linux:kata-agent", "p-cpe:/a:oracle:linux:kata-image", "p-cpe:/a:oracle:linux:kata-ksm-throttler", "p-cpe:/a:oracle:linux:kata-proxy", "p-cpe:/a:oracle:linux:kata-runtime", "p-cpe:/a:oracle:linux:kata-shim", "p-cpe:/a:oracle:linux:kubeadm", "p-cpe:/a:oracle:linux:kubectl", "p-cpe:/a:oracle:linux:kubelet", "p-cpe:/a:oracle:linux:kubernetes-cni", "p-cpe:/a:oracle:linux:kubernetes-cni-plugins", "p-cpe:/a:oracle:linux:kubernetes-dashboard", "p-cpe:/a:oracle:linux:olcne-agent", "p-cpe:/a:oracle:linux:olcne-api-server", "p-cpe:/a:oracle:linux:olcne-istio-chart", "p-cpe:/a:oracle:linux:olcne-nginx", "p-cpe:/a:oracle:linux:olcne-prometheus-chart", "p-cpe:/a:oracle:linux:olcne-utils", "p-cpe:/a:oracle:linux:olcnectl", "p-cpe:/a:oracle:linux:yq"], "id": "ORACLELINUX_ELSA-2021-9267.NASL", "href": "https://www.tenable.com/plugins/nessus/150061", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9267.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150061);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/22\");\n\n script_cve_id(\"CVE-2021-27918\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"Oracle Linux 8 : olcne (ELSA-2021-9267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9267 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9267.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:coredns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cri-o\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cri-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:flannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:helm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-istioctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-mixc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-mixs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-pilot-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-pilot-discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-ksm-throttler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-shim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubeadm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubectl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubelet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-cni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-cni-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-dashboard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-api-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-istio-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-prometheus-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcnectl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:yq\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'conmon-2.0.20-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'conmon-2.0.20'},\n {'reference':'conmon-2.0.21-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3', 'exists_check':'conmon-2.0.21'},\n {'reference':'coredns-1.7.0-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cri-o-1.18.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cri-o-1.18.'},\n {'reference':'cri-tools-1.18.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'etcd-3.4.3-1.0.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'flannel-0.12.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'helm-3.3.4-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-istioctl-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-mixc-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-mixs-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-pilot-agent-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-pilot-discovery-1.7.3-1.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-1.11.5-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-agent-1.11.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-image-1.11.5-2.2.ol8_202104281558', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-ksm-throttler-1.11.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-proxy-1.11.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-runtime-1.11.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-shim-1.11.5-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubeadm-1.18.18-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubectl-1.18.18-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubelet-1.18.18-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-cni-0.8.0-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-cni-plugins-0.8.7-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-dashboard-2.0.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-agent-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-api-server-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-istio-chart-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-nginx-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-prometheus-chart-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-utils-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcnectl-1.2.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'yq-3.4.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / coredns / cri-o / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:48:11", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9268 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-29T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : olcne (ELSA-2021-9268)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2022-09-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:conmon", "p-cpe:/a:oracle:linux:coredns", "p-cpe:/a:oracle:linux:cri-o", "p-cpe:/a:oracle:linux:cri-tools", "p-cpe:/a:oracle:linux:etcd", "p-cpe:/a:oracle:linux:flannel", "p-cpe:/a:oracle:linux:helm", "p-cpe:/a:oracle:linux:istio", "p-cpe:/a:oracle:linux:istio-istioctl", "p-cpe:/a:oracle:linux:kata", "p-cpe:/a:oracle:linux:kata-agent", "p-cpe:/a:oracle:linux:kata-image", "p-cpe:/a:oracle:linux:kata-ksm-throttler", "p-cpe:/a:oracle:linux:kata-proxy", "p-cpe:/a:oracle:linux:kata-runtime", "p-cpe:/a:oracle:linux:kata-shim", "p-cpe:/a:oracle:linux:kubeadm", "p-cpe:/a:oracle:linux:kubectl", "p-cpe:/a:oracle:linux:kubelet", "p-cpe:/a:oracle:linux:kubernetes-cni", "p-cpe:/a:oracle:linux:kubernetes-cni-plugins", "p-cpe:/a:oracle:linux:kubernetes-dashboard", "p-cpe:/a:oracle:linux:olcne-agent", "p-cpe:/a:oracle:linux:olcne-api-server", "p-cpe:/a:oracle:linux:olcne-istio-chart", "p-cpe:/a:oracle:linux:olcne-nginx", "p-cpe:/a:oracle:linux:olcne-prometheus-chart", "p-cpe:/a:oracle:linux:olcne-utils", "p-cpe:/a:oracle:linux:olcnectl", "p-cpe:/a:oracle:linux:yq"], "id": "ORACLELINUX_ELSA-2021-9268.NASL", "href": "https://www.tenable.com/plugins/nessus/150062", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9268.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150062);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/22\");\n\n script_cve_id(\"CVE-2021-27918\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"Oracle Linux 7 : olcne (ELSA-2021-9268)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9268 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9268.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:coredns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cri-o\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cri-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:flannel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:helm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:istio-istioctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-ksm-throttler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kata-shim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubeadm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubectl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubelet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-cni\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-cni-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kubernetes-dashboard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-api-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-istio-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-prometheus-chart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcne-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:olcnectl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:yq\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'conmon-2.0.20-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'conmon-2.0.20'},\n {'reference':'conmon-2.0.21-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3', 'exists_check':'conmon-2.0.21'},\n {'reference':'coredns-1.7.0-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cri-o-1.18.4-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cri-o-1.18.'},\n {'reference':'cri-tools-1.18.0-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'etcd-3.4.3-1.0.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'flannel-0.12.0-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'helm-3.3.4-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-1.7.3-1.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'istio-istioctl-1.7.3-1.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-1.11.5-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-agent-1.11.5-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-image-1.11.5-2.2.ol7_202104281557', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-ksm-throttler-1.11.5-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-proxy-1.11.5-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-runtime-1.11.5-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kata-shim-1.11.5-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubeadm-1.18.18-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubectl-1.18.18-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubelet-1.18.18-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-cni-0.8.0-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-cni-plugins-0.8.7-2.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-cni-plugins-0.8.7-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kubernetes-dashboard-2.0.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-agent-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-api-server-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-istio-chart-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-nginx-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-prometheus-chart-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcne-utils-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'olcnectl-1.2.3-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'yq-3.4.0-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / coredns / cri-o / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:50:28", "description": "According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1980)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-bin", "p-cpe:/a:huawei:euleros:golang-src", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/151040", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151040);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\n \"CVE-2021-27918\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-1980)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before\n 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of\n an element. This can occur in the Decode,\n DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1980\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ccb86306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.11.2-17.h6.eulerosv2r8\",\n \"golang-bin-1.11.2-17.h6.eulerosv2r8\",\n \"golang-src-1.11.2-17.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:51:16", "description": "According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2050)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-devel", "p-cpe:/a:huawei:euleros:golang-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2050.NASL", "href": "https://www.tenable.com/plugins/nessus/151246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151246);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\n \"CVE-2021-27918\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2050)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before\n 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of\n an element. This can occur in the Decode,\n DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2050\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?29d9bf4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.13.3-10.h7.eulerosv2r9\",\n \"golang-devel-1.13.3-10.h7.eulerosv2r9\",\n \"golang-help-1.13.3-10.h7.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:51:17", "description": "According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2061)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-devel", "p-cpe:/a:huawei:euleros:golang-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2061.NASL", "href": "https://www.tenable.com/plugins/nessus/151243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151243);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\n \"CVE-2021-27918\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-2061)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before\n 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of\n an element. This can occur in the Decode,\n DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2061\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be98a540\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.13.3-10.h7.eulerosv2r9\",\n \"golang-devel-1.13.3-10.h7.eulerosv2r9\",\n \"golang-help-1.13.3-10.h7.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:52:25", "description": "According to the version of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2217)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:golang", "p-cpe:/a:huawei:euleros:golang-bin", "p-cpe:/a:huawei:euleros:golang-src", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2217.NASL", "href": "https://www.tenable.com/plugins/nessus/151776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151776);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2021-27918\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : golang (EulerOS-SA-2021-2217)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the golang packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before\n 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of\n an element. This can occur in the Decode,\n DecodeElement, or Skip method.(CVE-2021-27918)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2217\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?770d402d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"golang-1.13.3-9.h5.eulerosv2r7\",\n \"golang-bin-1.13.3-9.h5.eulerosv2r7\",\n \"golang-src-1.13.3-9.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:26", "description": "This update for go1.15 fixes the following issues :\n\n - go1.15.10 (released 2021-03-11) (bsc#1175132)\n\n - go1.15.9 (released 2021-03-10) (bsc#1175132)\n\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : go1.15 (openSUSE-2021-480)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:go1.15", "p-cpe:/a:novell:opensuse:go1.15-race", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-480.NASL", "href": "https://www.tenable.com/plugins/nessus/148203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-480.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148203);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2021-27918\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"openSUSE Security Update : go1.15 (openSUSE-2021-480)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for go1.15 fixes the following issues :\n\n - go1.15.10 (released 2021-03-11) (bsc#1175132)\n\n - go1.15.9 (released 2021-03-10) (bsc#1175132)\n\n - CVE-2021-27918: Fixed an infinite loop when using\n xml.NewTokenDecoder with a custom TokenReader\n (bsc#1183333).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183333\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected go1.15 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go1.15-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"go1.15-1.15.10-lp152.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"go1.15-race-1.15.10-lp152.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.15 / go1.15-race\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:28", "description": "This update for go1.16 fixes the following issues :\n\ngo1.16.2 (released 2021-03-11) (bsc#1182345)\n\ngo1.16.1 (released 2021-03-10) (bsc#1182345)\n\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).\n\n - CVE-2021-27919: Fixed an issue where archive/zip: can panic when calling Reader.Open (bsc#1183334).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:go1.16", "p-cpe:/a:novell:suse_linux:go1.16-doc", "p-cpe:/a:novell:suse_linux:go1.16-race", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0937-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148139);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2021-27918\", \"CVE-2021-27919\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:0937-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for go1.16 fixes the following issues :\n\ngo1.16.2 (released 2021-03-11) (bsc#1182345)\n\ngo1.16.1 (released 2021-03-10) (bsc#1182345)\n\n - CVE-2021-27918: Fixed an infinite loop when using\n xml.NewTokenDecoder with a custom TokenReader\n (bsc#1183333).\n\n - CVE-2021-27919: Fixed an issue where archive/zip: can\n panic when calling Reader.Open (bsc#1183334).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27918/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27919/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210937-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6ac428f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-937=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:go1.16-race\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.16-race-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.16-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"go1.16-doc-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"go1.16-race-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.16-1.16.2-1.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"go1.16-doc-1.16.2-1.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go1.16\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:25", "description": "The Go project reports :\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element.\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with '../'.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:go", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7270932681F711EB950A00155D646401.NASL", "href": "https://www.tenable.com/plugins/nessus/147697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147697);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\"CVE-2021-27918\", \"CVE-2021-27919\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"FreeBSD : go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open (72709326-81f7-11eb-950a-00155d646401)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Go project reports :\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder provided\nby xml.NewTokenDecoder may enter an infinite loop when operating on a\ncustom xml.TokenReader which returns an EOF in the middle of an open\nXML element.\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP\narchive containing files that start with '../'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://golang.org/issue/44913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://golang.org/issue/44916\"\n );\n # https://vuxml.freebsd.org/freebsd/72709326-81f7-11eb-950a-00155d646401.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d92fa84e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"go<1.16.1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:46:38", "description": "An update of the go package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Go PHSA-2021-4.0-0013", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-3114"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:go", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0013_GO.NASL", "href": "https://www.tenable.com/plugins/nessus/149054", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0013. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149054);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2021-27918\", \"CVE-2021-3114\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"Photon OS 4.0: Go PHSA-2021-4.0-0013\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the go package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-13.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3114\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'go-1.16.2-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'go-md2man-2.0.0-4.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:50:37", "description": "An update of the go package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Go PHSA-2021-3.0-0248", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24553", "CVE-2021-27918", "CVE-2021-3114"], "modified": "2021-08-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:go", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0248_GO.NASL", "href": "https://www.tenable.com/plugins/nessus/150285", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0248. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150285);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/19\");\n\n script_cve_id(\"CVE-2020-24553\", \"CVE-2021-3114\", \"CVE-2021-27918\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n\n script_name(english:\"Photon OS 3.0: Go PHSA-2021-3.0-0248\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the go package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-248.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3114\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'go-1.16.2-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'go-md2man-2.0.0-5.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-24T14:51:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3076 advisory.\n\n - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "RHEL 8 : go-toolset:rhel8 (RHSA-2021:3076)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:delve", "p-cpe:/a:redhat:enterprise_linux:go-toolset", "p-cpe:/a:redhat:enterprise_linux:golang", "p-cpe:/a:redhat:enterprise_linux:golang-bin", "p-cpe:/a:redhat:enterprise_linux:golang-docs", "p-cpe:/a:redhat:enterprise_linux:golang-misc", "p-cpe:/a:redhat:enterprise_linux:golang-race", "p-cpe:/a:redhat:enterprise_linux:golang-src", "p-cpe:/a:redhat:enterprise_linux:golang-tests"], "id": "REDHAT-RHSA-2021-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/152448", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3076. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152448);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-27918\",\n \"CVE-2021-31525\",\n \"CVE-2021-33196\",\n \"CVE-2021-34558\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3076\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0047-S\");\n\n script_name(english:\"RHEL 8 : go-toolset:rhel8 (RHSA-2021:3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3076 advisory.\n\n - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader\n (CVE-2021-27918)\n\n - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-34558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1937901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1958341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1983596\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 400, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'go-toolset:rhel8': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.15.14-1.module+el8.4.0+11833+614b07b8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.15.14-1.module+el8.4.0+11833+614b07b8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.15.14-1.module+el8.4.0+11833+614b07b8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\nif ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:53:46", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3076 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. (CVE-2021-31525)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. (CVE-2021-34558)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : go-toolset:ol8 (ELSA-2021-3076)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:delve", "p-cpe:/a:oracle:linux:go-toolset", "p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-race", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests"], "id": "ORACLELINUX_ELSA-2021-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/152513", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-3076.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152513);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\n \"CVE-2021-27918\",\n \"CVE-2021-31525\",\n \"CVE-2021-33196\",\n \"CVE-2021-34558\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0047-S\");\n\n script_name(english:\"Oracle Linux 8 : go-toolset:ol8 (ELSA-2021-3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-3076 advisory.\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of\n service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each\n be affected in some configurations. (CVE-2021-31525)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an\n X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS\n server to cause a TLS client to panic. (CVE-2021-34558)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's\n header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-3076.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33196\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:delve\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:go-toolset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\nif ('ol8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);\n\nvar appstreams = {\n 'go-toolset:ol8': [\n {'reference':'delve-1.5.0-2.0.1.module+el8.4.0+20021+8a86d991', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'go-toolset-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.15.14-1.module+el8.4.0+20290+7af514f4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.15.14-1.module+el8.4.0+20290+7af514f4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.15.14-1.module+el8.4.0+20290+7af514f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.15.14-1.module+el8.4.0+20290+7af514f4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.15.14-1.module+el8.4.0+20290+7af514f4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:ol8');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / go-toolset / golang / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:53:35", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3076 advisory.\n\n - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "CentOS 8 : go-toolset:rhel8 (CESA-2021:3076)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-12-13T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:delve"], "id": "CENTOS8_RHSA-2021-3076.NASL", "href": "https://www.tenable.com/plugins/nessus/152454", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:3076. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152454);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\n \"CVE-2021-27918\",\n \"CVE-2021-31525\",\n \"CVE-2021-33196\",\n \"CVE-2021-34558\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3076\");\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0047-S\");\n\n script_name(english:\"CentOS 8 : go-toolset:rhel8 (CESA-2021:3076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:3076 advisory.\n\n - golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader\n (CVE-2021-27918)\n\n - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n - golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n - golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3076\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected delve package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:delve\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'delve-1.5.0-2.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-15T04:30:22", "description": "The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1830 advisory.\n\n - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. (CVE-2020-29652)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. (CVE-2021-27919)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. (CVE-2021-33195)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. (CVE-2021-39293)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. (CVE-2022-28327)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : golang (ALAS-2022-1830)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29652", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327"], "modified": "2022-08-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:golang", "p-cpe:/a:amazon:linux:golang-bin", "p-cpe:/a:amazon:linux:golang-docs", "p-cpe:/a:amazon:linux:golang-misc", "p-cpe:/a:amazon:linux:golang-race", "p-cpe:/a:amazon:linux:golang-shared", "p-cpe:/a:amazon:linux:golang-src", "p-cpe:/a:amazon:linux:golang-tests", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1830.NASL", "href": "https://www.tenable.com/plugins/nessus/163918", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1830.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163918);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/16\");\n\n script_cve_id(\n \"CVE-2020-29652\",\n \"CVE-2021-27918\",\n \"CVE-2021-27919\",\n \"CVE-2021-33195\",\n \"CVE-2021-33197\",\n \"CVE-2021-33198\",\n \"CVE-2021-36221\",\n \"CVE-2021-38297\",\n \"CVE-2021-39293\",\n \"CVE-2022-23772\",\n \"CVE-2022-23773\",\n \"CVE-2022-23806\",\n \"CVE-2022-24675\",\n \"CVE-2022-24921\",\n \"CVE-2022-28327\"\n );\n script_xref(name:\"IAVB\", value:\"2021-B-0040-S\");\n script_xref(name:\"IAVB\", value:\"2022-B-0008-S\");\n script_xref(name:\"IAVB\", value:\"2022-B-0011-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0069-S\");\n\n script_name(english:\"Amazon Linux 2 : golang (ALAS-2022-1830)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of golang installed on the remote host is prior to 1.18.3-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1830 advisory.\n\n - A nil pointer dereference in the golang.org/x/crypto/ssh component through\n v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH\n servers. (CVE-2020-29652)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon\n attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any\n filename. (CVE-2021-27919)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from\n DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to\n the RFC1035 format. (CVE-2021-33195)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from\n net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the\n math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil\n ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function\n invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating\n that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of\n an incomplete fix for CVE-2021-33196. (CVE-2021-39293)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to\n Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to\n be version tags. This can lead to incorrect access control if an actor is supposed to be able to create\n branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return\n true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount\n of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested\n expression. (CVE-2022-24921)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic\n via long scalar input. (CVE-2022-28327)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-29652.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27918.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27919.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33195.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33197.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-33198.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36221.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-38297.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-39293.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23773.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23806.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24675.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24921.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28327.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update golang' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-race\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-shared\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'golang-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-bin-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-docs-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-misc-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-race-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-shared-1.18.3-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-shared-1.18.3-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-src-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'golang-tests-1.18.3-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / etc\");\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-15T00:44:42", "description": "The remote host is affected by the vulnerability described in GLSA-202208-02 (Go: Multiple Vulnerabilities)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. (CVE-2020-28366)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. (CVE-2020-28367)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. (CVE-2021-27919)\n\n - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)\n\n - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.\n (CVE-2021-3114)\n\n - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). (CVE-2021-3115)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. (CVE-2021-31525)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. (CVE-2021-33195)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. (CVE-2021-34558)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.\n (CVE-2021-41771)\n\n - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. (CVE-2021-41772)\n\n - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)\n\n - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file- descriptor exhaustion. (CVE-2021-44717)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)\n\n - Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. (CVE-2022-27536)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. (CVE-2022-28327)\n\n - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.\n (CVE-2022-29526)\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - Automatic update for grafana-8.5.6-1.fc37. ##### **Changelog** ``` * Wed Jun 29 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 8.5.6-1 - update to 8.5.6 tagged upstream community sources, see CHANGELOG - updated license to AGPLv3 - place commented sample config file in /etc/grafana/grafana.ini - enable Go modules in build process - adapt Node.js bundling to yarn v3 and Zero Install feature * Sun Jun 19 2022 Robert-Andr Mauchin <zebob.m@gmail.com> - 7.5.15-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 ``` (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding big.Float and big.Rat types can panic if the encoded message is too short.\n (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T00:00:00", "type": "nessus", "title": "GLSA-202208-02 : Go: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28366", "CVE-2020-28367", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-3115", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-1705", "CVE-2022-1996", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-27191", "CVE-2022-27536", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-29526", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:go", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-02.NASL", "href": "https://www.tenable.com/plugins/nessus/163840", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-02.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163840);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\n \"CVE-2020-28366\",\n \"CVE-2020-28367\",\n \"CVE-2021-3114\",\n \"CVE-2021-3115\",\n \"CVE-2021-27918\",\n \"CVE-2021-27919\",\n \"CVE-2021-29923\",\n \"CVE-2021-31525\",\n \"CVE-2021-33195\",\n \"CVE-2021-33196\",\n \"CVE-2021-33197\",\n \"CVE-2021-33198\",\n \"CVE-2021-34558\",\n \"CVE-2021-36221\",\n \"CVE-2021-38297\",\n \"CVE-2021-41771\",\n \"CVE-2021-41772\",\n \"CVE-2021-44716\",\n \"CVE-2021-44717\",\n \"CVE-2022-1705\",\n \"CVE-2022-23772\",\n \"CVE-2022-23773\",\n \"CVE-2022-23806\",\n \"CVE-2022-24675\",\n \"CVE-2022-24921\",\n \"CVE-2022-27536\",\n \"CVE-2022-28131\",\n \"CVE-2022-28327\",\n \"CVE-2022-29526\",\n \"CVE-2022-30629\",\n \"CVE-2022-30630\",\n \"CVE-2022-30631\",\n \"CVE-2022-30632\",\n \"CVE-2022-30633\",\n \"CVE-2022-30635\",\n \"CVE-2022-32148\",\n \"CVE-2022-32189\"\n );\n script_xref(name:\"IAVB\", value:\"2022-B-0025-S\");\n\n script_name(english:\"GLSA-202208-02 : Go: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-02 (Go: Multiple Vulnerabilities)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. (CVE-2020-28366)\n\n - Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. (CVE-2020-28367)\n\n - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader\n (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,\n DecodeElement, or Skip method. (CVE-2021-27918)\n\n - archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon\n attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any\n filename. (CVE-2021-27919)\n\n - Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address\n octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses,\n because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)\n\n - In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs,\n related to an underflow of the lowest limb during the final complete reduction in the P-224 field.\n (CVE-2021-3114)\n\n - Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code\n execution when using the go get command to fetch modules that make use of cgo (for example, cgo can\n execute a gcc program from an untrusted download). (CVE-2021-3115)\n\n - net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of\n service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each\n be affected in some configurations. (CVE-2021-31525)\n\n - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from\n DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to\n the RFC1035 format. (CVE-2021-33195)\n\n - In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's\n header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from\n net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.\n (CVE-2021-33197)\n\n - In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the\n math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)\n\n - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an\n X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS\n server to cause a TLS client to panic. (CVE-2021-34558)\n\n - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil\n ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)\n\n - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function\n invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)\n\n - ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3\n Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.\n (CVE-2021-41771)\n\n - Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP\n archive containing an invalid name or an empty filename field. (CVE-2021-41772)\n\n - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the\n header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)\n\n - Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or\n unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-\n descriptor exhaustion. (CVE-2021-44717)\n\n - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to\n Uncontrolled Memory Consumption. (CVE-2022-23772)\n\n - cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to\n be version tags. This can lead to incorrect access control if an actor is supposed to be able to create\n branches but not tags. (CVE-2022-23773)\n\n - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return\n true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)\n\n - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount\n of PEM data. (CVE-2022-24675)\n\n - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested\n expression. (CVE-2022-24921)\n\n - Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when\n presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to\n panic. (CVE-2022-27536)\n\n - The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic\n via long scalar input. (CVE-2022-28327)\n\n - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero\n flags parameter, the Faccessat function could incorrectly report that a file is accessible.\n (CVE-2022-29526)\n\n - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n - Automatic update for grafana-8.5.6-1.fc37. ##### **Changelog** ``` * Wed Jun 29 2022 Andreas Gerstmayr\n <agerstmayr@redhat.com> 8.5.6-1 - update to 8.5.6 tagged upstream community sources, see CHANGELOG -\n updated license to AGPLv3 - place commented sample config file in /etc/grafana/grafana.ini - enable Go\n modules in build process - adapt Node.js bundling to yarn v3 and Zero Install feature * Sun Jun 19 2022\n Robert-Andr Mauchin <zebob.m@gmail.com> - 7.5.15-3 - Rebuilt for CVE-2022-1996, CVE-2022-24675,\n CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 ``` (CVE-2022-30629)\n\n - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n - golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic\n Decoding big.Float and big.Rat types can panic if the encoded message is too short.\n (CVE-2022-32189)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=754210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=766216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=775326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=788640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=794784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=802054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=806659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=807049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=821859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=838130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=843644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=849290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=857822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=862822\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Go users shoud upgrade to the latest version: # emerge --sync # emerge --ask --oneshot\n--verbose >=dev-lang/go-1.18.5 In addition, users using Portage 3.0.9 or later should ensure that packages with\nGo binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:\n# emerge --ask --oneshot --verbose @golang-rebuild\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"dev-lang/go\",\n 'unaffected' : make_list(\"ge 1.18.5\"),\n 'vulnerable' : make_list(\"lt 1.18.5\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Go\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2022-07-12T18:39:53", "description": "helm\n[3.3.4-2]\n- Address CVE-2021-27918\ncoredns\n[1.7.0-1]\n- Added Oracle specific build files\ncri-o\n[1.18.4-2]\n- Fix for CVE-2021-27918\n[1.18.4-1]\n- Added Oracle Specifile Files for cri-o\ncri-tools\n[1.18.0-2]\n- Address CVE-2021-27918\netcd\n[3.4.3-1.0.5]\n- Address CVE-2021-27918\nflannel\n[0.12.0-2]\n- Address CVE-2021-27918\n[0.12.0-1]\n- Release of flannel-0.12.0-1\nyq\n[3.4.0-2]\n- Address CVE-2021-27918\nconmon\n[2.0.20-4]\n- Address CVE-2021-27918\nconmon\n[3:2.0.21-4]\n- Address CVE-2021-27918\nkata-proxy\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-shim\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-runtime\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-ksm-throttler\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-image\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-agent\n[1.11.5-2]\n- Fix for CVE-2021-27918\nkata\n[1.11.5-4]\n- Address CVE-2021-27918\n[1.11.5-3]\n- Support 1.19, 1.20 k8s\nkubernetes-cni-plugins\n[0.8.7-2]\n- Removed BuildArch to support ARM builds\nkubernetes-cni\n[0.8.0-3]\n- Address CVE-2021-27918\nkubernetes-dashboard\n[2.0.3-2]\n- Address CVE-2021-27918\nkubernetes\n[1.18.18-1]\n- Address CVE-2021-27918\nistio\n[1.7.3-1.0.2]\n- Address CVE-2021-27918\n[1.7.3-1.0.1]\n- Run gateway pods as root user to workaround ports lessthan 1024 binding failures\n[1.7.3-1.0.0]\n- Added Oracle Specific Build Files for istio/istio\nolcne\n[1.2.3-9]\n- Updated version for istio-module grafana: v6.7.4-3 and prometheus: v2.20.0-1\n[1.2.3-8]\n- Revert istio version to 1.7.3-1 which has just golang CVE fixes\n[1.2.3-7]\n- Fix k8s update path\n- Update el8 conmon pre-install\n[1.2.3-6]\n- Updated updatepath in kubernetes.yaml and image version in templates\n[1.2.3-5]\n- Added missing info for 1.18.18 in kubernetes.yaml and helm.yaml\n- Updated image repository in templates\n[1.2.3-4]\n- Fix for the failure of kubernetes restore [Orabug: 32310718]\n[1.2.3-3]\n- Address Istio CVE-2021-28683, CVE-2021-28682 & CVE-2021-29258\n[1.2.3-2]\n- fix bug where externalip cidr's can't fully be disabled\n[1.2.3-1]\n- Bug Fix: Update istio module definition to pass instance name for release resource", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-29T00:00:00", "type": "oraclelinux", "title": "olcne security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-05-29T00:00:00", "id": "ELSA-2021-9267", "href": "http://linux.oracle.com/errata/ELSA-2021-9267.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-12T18:39:53", "description": "coredns\n[1.7.0-1]\n- Added Oracle specific build files\ncri-o\n[1.18.4-2]\n- Fix for CVE-2021-27918\n[1.18.4-1]\n- Added Oracle Specifile Files for cri-o\ncri-tools\n[1.18.0-2]\n- Address CVE-2021-27918\netcd\n[3.4.3-1.0.5]\n- Address CVE-2021-27918\nflannel\n[0.12.0-2]\n- Address CVE-2021-27918\nyq\n[3.4.0-2]\n- Address CVE-2021-27918\nconmon\n[2.0.20-4]\n- Address CVE-2021-27918\nconmon\n[3:2.0.21-4]\n- Address CVE-2021-27918\nhelm\n[3.3.4-2]\n- Address CVE-2021-27918\nkata-proxy\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-shim\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-runtime\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-ksm-throttler\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-image\n[1.11.5-2]\n- Address CVE-2021-27918\nkata-agent\n[1.11.5-2]\n- Fix for CVE-2021-27918\nkata\n[1.11.5-4]\n- Address CVE-2021-27918\n[1.11.5-3]\n- Support 1.19, 1.20 k8s\nkubernetes-cni-plugins\n[0.8.7-2]\n- Removed BuildArch to support ARM builds\nkubernetes-cni\n[0.8.0-3]\n- Address CVE-2021-27918\nkubernetes-dashboard\n[2.0.3-2]\n- Address CVE-2021-27918\nkubernetes\n[1.18.18-1]\n- Address CVE-2021-27918\nistio\n[1.7.3-1.0.2]\n- Address CVE-2021-27918\n[1.7.3-1.0.1]\n- Run gateway pods as root user to workaround ports lessthan 1024 binding failures\n[1.7.3-1.0.0]\n- Added Oracle Specific Build Files for istio/istio\nolcne\n[1.2.3-9]\n- Updated version for istio-module grafana: v6.7.4-3 and prometheus: v2.20.0-1\n[1.2.3-8]\n- Revert istio version to 1.7.3-1 which has just golang CVE fixes\n[1.2.3-7]\n- Fix k8s update path\n- Update el8 conmon pre-install\n[1.2.3-6]\n- Updated updatepath in kubernetes.yaml and image version in templates\n[1.2.3-5]\n- Added missing info for 1.18.18 in kubernetes.yaml and helm.yaml\n- Updated image repository in templates\n[1.2.3-4]\n- Fix for the failure of kubernetes restore [Orabug: 32310718]\n[1.2.3-3]\n- Address Istio CVE-2021-28683, CVE-2021-28682 & CVE-2021-29258\n[1.2.3-2]\n- fix bug where externalip cidr's can't fully be disabled\n[1.2.3-1]\n- Bug Fix: Update istio module definition to pass instance name for release resource", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-29T00:00:00", "type": "oraclelinux", "title": "olcne security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-05-29T00:00:00", "id": "ELSA-2021-9268", "href": "http://linux.oracle.com/errata/ELSA-2021-9268.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-12T04:29:29", "description": "golang\n[1.15.14-1]\n- Rebase to go-1.15.14-1-openssl-fips\n- Resolves: rhbz#1982287\n- Addresses CVE-2021-34558\n[1.15.13-4]\n- Related: rhbz#1978567\ngo-toolset\n[1.15.14-1]\n- Rebase to go-1.15.14-1-openssl-fips\n- Resolves: rhbz#1982287\n- Addresses CVE-2021-34558\n[1.15.13-2]\n- Related: rhbz#1978567", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-12T00:00:00", "type": "oraclelinux", "title": "go-toolset:ol8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-08-12T00:00:00", "id": "ELSA-2021-3076", "href": "http://linux.oracle.com/errata/ELSA-2021-3076.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-27T13:35:33", "description": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite\nloop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the\nmiddle of an element. This can occur in the Decode, DecodeElement, or Skip\nmethod.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "ubuntucve", "title": "CVE-2021-27918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-03-11T00:00:00", "id": "UB:CVE-2021-27918", "href": "https://ubuntu.com/security/CVE-2021-27918", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:10:38", "description": "An update that solves one vulnerability and has one errata\n is now available.\n\nDescription:\n\n This update for go1.15 fixes the following issues:\n\n - go1.15.10 (released 2021-03-11) (bsc#1175132)\n - go1.15.9 (released 2021-03-10) (bsc#1175132)\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder\n with a custom TokenReader (bsc#1183333).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-480=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-27T00:00:00", "type": "suse", "title": "Security update for go1.15 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-03-27T00:00:00", "id": "OPENSUSE-SU-2021:0480-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4PG5AXR4LXEWYU5DHYEVESCXWKO3HFHO/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:15:56", "description": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:15:00", "type": "cve", "title": "CVE-2021-27918", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2022-12-13T16:28:00", "cpe": [], "id": "CVE-2021-27918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27918", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:26:45", "description": "It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-26T16:15:00", "type": "cve", "title": "CVE-2021-3703", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-3703"], "modified": "2022-09-01T16:06:00", "cpe": [], "id": "CVE-2021-3703", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3703", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "veracode": [{"lastseen": "2022-07-26T16:35:52", "description": "github.com/golang/go is vulnerable to denial of service. An infinite loop occurs when using `xml.NewTokenDecoder` with a custom `TokenReader`.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T04:13:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2021-03-18T18:01:58", "id": "VERACODE:29664", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29664/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-15T01:33:26", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918). The fix removes this vulnerability from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2023-02-14T21:04:36", "id": "5AB78A431B4AE4E03B1DE85F5B614AA79A9A48C4976977DA7F1E07BA0ACE69A6", "href": "https://www.ibm.com/support/pages/node/6833284", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:56:07", "description": "## Summary\n\nOperations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919) with details of each below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOperations Dashboard| \n\n2020.4.1-0-eus \n2020.4.1-1-eus \n2021.1.1 \n \n \n\n\n## Remediation/Fixes\n\n**Operations Dashboard version 2020.4.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2020.4.1-2-eus using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2020.4?topic=components-upgrading-operations-dashboard> \n \n**Operations Dashboard version 2021.1.1 in IBM Cloud Pak for Integration** \nUpgrade Operations Dashboard to 2021.2.1 using the Operator upgrade process described in the IBM Documentation \n<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2021.2?topic=runtimes-upgrading-transaction-tracing-troubleshooting> \n\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-24T13:10:56", "type": "ibm", "title": "Security Bulletin: Operations Dashboard is vulnerable to Go vulnerabilities (CVE-2021-27918 and CVE-2021-27919)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-06-24T13:10:56", "id": "D910928648A66660B4EF26E5685D05C7C8D269DFFB0ACC4D4B2EDAFF261E4D46", "href": "https://www.ibm.com/support/pages/node/6466637", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:54:28", "description": "## Summary\n\nIBM Cloud Private is vulnerable to a Go vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with \u201c../\u201d. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198076](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198076>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2012-build600194-41235&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2012\" )\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2012-build600195-41237&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2012\" )\n\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-03T13:39:16", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-09-03T13:39:16", "id": "4E2C91D443B2D002C9237F719179663FBF30DE221B227E2997586AC4E37E0210", "href": "https://www.ibm.com/support/pages/node/6486345", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:43:24", "description": "## Summary\n\nGolang packages are used in IBM Netezza for Cloud Pak for Data. Golang net sub module is vulnerable to denial of service. Vulnerability is addressed by upgrading Golang to version 1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| 11.2.1.0 - 11.2.1.5 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix.**\u200b\n\n**Product**| **Version **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.2.1.6| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.1.6-IF1-WS-ICPDS-NPS-fp14652> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-08T17:39:46", "type": "ibm", "title": "Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to denial of service due to Golang net package (CVE-2021-27918, CVE-2021-44716, CVE-2021-31525)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-44716"], "modified": "2022-08-08T17:39:46", "id": "E43687480718D62403FAE624926EF4DCB0A894AFF26C5E9C5F75A8D56B17B6E6", "href": "https://www.ibm.com/support/pages/node/6610915", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:44:56", "description": "## Summary\n\nGolang packages are used in IBM Netezza Software As A Service. Golang net sub module is vulnerable to denial of service. Vulnerability is addressed by upgrading Golang to version 1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Product**| **Versions;** \n---|--- \nIBM Netezza As A Service | 11.2.2.1 - 11.2.2.2 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix.**\n\n**Product**| **Version **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Netezza As A Service | 11.2.2.3| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.2.3-WS-ICPDS-NPS-fp12089> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-28T11:57:28", "type": "ibm", "title": "Security Bulletin: IBM Netezza as a Service is vulnerable to denial of service due to Golang net package (CVE-2021-33194, CVE-2021-44716, CVE-2021-31525)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2022-06-28T11:57:28", "id": "1235191EB33863C1E482EB2FBE8EE07837715EFC366FA3ACAF8DD7BA16B54E47", "href": "https://www.ibm.com/support/pages/node/6599203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:42:32", "description": "## Summary\n\nMultiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14039](<https://vulners.com/cve/CVE-2020-14039>) \n** DESCRIPTION: **Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements during the X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-15586](<https://vulners.com/cve/CVE-2020-15586>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16845](<https://vulners.com/cve/CVE-2020-16845>) \n** DESCRIPTION: **Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-24553](<https://vulners.com/cve/CVE-2020-24553>) \n** DESCRIPTION: **Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-28362](<https://vulners.com/cve/CVE-2020-28362>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28366](<https://vulners.com/cve/CVE-2020-28366>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191978](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191978>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28367](<https://vulners.com/cve/CVE-2020-28367>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a argument injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191979](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191979>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29923](<https://vulners.com/cve/CVE-2021-29923>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper consideration for extraneous zero characters at the beginning of an IP address octet. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access control based on IP addresses. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207025](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207025>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3114](<https://vulners.com/cve/CVE-2021-3114>) \n** DESCRIPTION: **An unspecified error with the P224() Curve implementation can generate incorrect outputs in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195677](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195677>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33195](<https://vulners.com/cve/CVE-2021-33195>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-33196](<https://vulners.com/cve/CVE-2021-33196>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted archive file, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33197](<https://vulners.com/cve/CVE-2021-33197>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop arbitrary headers, including those set by the ReverseProxy.Director. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-33198](<https://vulners.com/cve/CVE-2021-33198>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the SetString and UnmarshalText methods of math/big.Rat. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207036](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207036>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38297](<https://vulners.com/cve/CVE-2021-38297>) \n** DESCRIPTION: **Golang Go is vulnerable to a buffer overflow, caused by improper bounds checking when invoking functions from WASM modules. By passing very large arguments, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39293](<https://vulners.com/cve/CVE-2021-39293>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By sending a specially-crafted archive header, a remote attacker could exploit this vulnerability to cause a panic, which results in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220196](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220196>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41771](<https://vulners.com/cve/CVE-2021-41771>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the ImportedSymbols function in debug/macho. By using specially-crafted binaries, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41772](<https://vulners.com/cve/CVE-2021-41772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the Reader.Open function. By using a specially-crafted ZIP archive containing an invalid name or an empty filename field, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213019](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213019>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1271](<https://vulners.com/cve/CVE-2022-1271>) \n** DESCRIPTION: **GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the program to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224866>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-26691](<https://vulners.com/cve/CVE-2022-26691>) \n** DESCRIPTION: **Apple macOS Monterey and macOS Big Sur could allow a local authenticated attacker to gain elevated privileges on the system, caused by a logic issue in the CUPS component. By using a specially-crafted application, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227437>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validaiton by the generic P-256 feature in crypto/elliptic. By sending a specially-crafted request with long scalar input, a remote attacker could exploit this vulnerability to cause a panic on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224871](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224871>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-30184](<https://vulners.com/cve/CVE-2022-30184>) \n** DESCRIPTION: **Microsoft .NET and Visual Studio could allow a remote authenticated attacker to obtain sensitive information. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227713](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227713>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-29824](<https://vulners.com/cve/CVE-2022-29824>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an integer overflows in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-25314](<https://vulners.com/cve/CVE-2022-25314>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the copyString function. By sending an overly-long argument, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219946>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-25313](<https://vulners.com/cve/CVE-2022-25313>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by stack exhaustion in build_model. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability using a large nesting depth in the DTD element to cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219947](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219947>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-40528](<https://vulners.com/cve/CVE-2021-40528>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a cross-configuration attack against OpenPGP. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-23648](<https://vulners.com/cve/CVE-2022-23648>) \n** DESCRIPTION: **containerd could allow a remote attacker to obtain sensitive information, caused by a flaw in the CRI implementation. By using a specially-crafted image configuration, an attacker could exploit this vulnerability to access to read-only copies of arbitrary files and directories on the host system, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-31030](<https://vulners.com/cve/CVE-2022-31030>) \n** DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a remote attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228282](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228282>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2015-3627](<https://vulners.com/cve/CVE-2015-3627>) \n** DESCRIPTION: **A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to performing the chroot could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability using a specially crafted Dockerfile or image to gain elevated privileges on the system. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103092](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103092>) for the current score. \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Robotic Process Automation for Cloud Pak| 21.0.1, 21.0.2, 21.0.3 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.3.1| Follow [instructions](<https://www.ibm.com/docs/en/rpa/21.0?topic=platform-preparing-applying-upgraded-custom-resource> \"instructions\" ) to update to 21.0.3.1 (21.0.3 IF001) or higher. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T02:03:35", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3627", "CVE-2020-14039", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-24553", "CVE-2020-28362", "CVE-2020-28366", "CVE-2020-28367", "CVE-2020-7919", "CVE-2021-27918", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2021-40528", "CVE-2021-41190", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2022-1271", "CVE-2022-23648", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-26691", "CVE-2022-28327", "CVE-2022-29824", "CVE-2022-30184", "CVE-2022-31030"], "modified": "2022-08-25T02:03:35", "id": "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "href": "https://www.ibm.com/support/pages/node/6615221", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:44:52", "description": "## Summary\n\nIBM has released the following fix for IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11252](<https://vulners.com/cve/CVE-2019-11252>) \n** DESCRIPTION: **Kubernetes kube-controller-manager could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of user credentials in error messages in the mount failure logs and events for AzureFile and CephFS volumes. By gaining access to the log files, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing note updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20699](<https://vulners.com/cve/CVE-2018-20699>) \n** DESCRIPTION: **Docker Engine is vulnerable to a denial of service, caused by a dockerd memory consumption issue. By using a large integer in a --cpuset-mems or --cpuset-cpus value, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8555](<https://vulners.com/cve/CVE-2020-8555>) \n** DESCRIPTION: **Kubernetes is vulnerable to server-side request forgery, caused by a flaw in the kube-controller-manager. By using a specially-crafted argument, a remote authenticated attacker could exploit this vulnerability to conduct SSRF attack to leak up to 500 bytes of arbitrary information from unprotected endpoints. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause panic in decodeRecord method, \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel >= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel >= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8551](<https://vulners.com/cve/CVE-2020-8551>) \n** DESCRIPTION: **Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11840](<https://vulners.com/cve/CVE-2019-11840>) \n** DESCRIPTION: **Golang golang-googlecode-go-crypto could allow a remote attacker to obtain sensitive information, caused by a flaw in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. By generating a specially-crafted keystream, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-43784](<https://vulners.com/cve/CVE-2021-43784>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by an integer overflow in netlink bytemsg length field. By sending a specially-crafted request, an attacker could exploit this vulnerability to override netlink-based container configuration to disable namespace protections entirely. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25737](<https://vulners.com/cve/CVE-2021-25737>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a host network hijacking flaw due to holes in EndpointSlice validation. By redirecting pod traffic to private networks on a Node, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202128>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-8554](<https://vulners.com/cve/CVE-2020-8554>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using LoadBalancer or ExternalIPs. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to patch the status of a LoadBalancer service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192721>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-25736](<https://vulners.com/cve/CVE-2021-25736>) \n** DESCRIPTION: **Kubernetes kube-proxy for Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the LoadBalancer controller does not set the \"status.loadBalancer.ingress[].ip\" field. An attacker could exploit this vulnerability to obtain traffic information forwarded to the local processes listening on the same port (\"spec.ports[*].port\") as a LoadBalancer Service, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-42248](<https://vulners.com/cve/CVE-2021-42248>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by a flaw in the gjson.Get function. By sending a specially-crafted JSON input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of requests in the API server. By sending a specially crafted proxy request directly to the backend, a remote attacker could exploit this vulnerability to establish a connection to create brokered services and deploy malicious code with elevated privileges. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-17142](<https://vulners.com/cve/CVE-2018-17142>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149973](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149973>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17143](<https://vulners.com/cve/CVE-2018-17143>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36067](<https://vulners.com/cve/CVE-2020-36067>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by slice bounds out of range. By using a specially-crafted GET call, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194240](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194240>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42836](<https://vulners.com/cve/CVE-2021-42836>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted JSON, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11841](<https://vulners.com/cve/CVE-2019-11841>) \n** DESCRIPTION: **Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160985](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160985>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-43565](<https://vulners.com/cve/CVE-2021-43565>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-27191](<https://vulners.com/cve/CVE-2022-27191>) \n** DESCRIPTION: **Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44907](<https://vulners.com/cve/CVE-2021-44907>) \n** DESCRIPTION: **Qs is vulnerable to a denial of service, caused by insufficient sanitization of property in the gs.parse function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222194](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222194>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-1002101](<https://vulners.com/cve/CVE-2017-1002101>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by using subpath volume mounts with any volume type. A remote authenticated attacker could exploit this vulnerability to access files/directories outside of the volume, including the host's filesystem. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140496](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140496>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20206](<https://vulners.com/cve/CVE-2021-20206>) \n** DESCRIPTION: **containernetworking cni could allow a remote authenticated attacker to traverse directories on the system. An attacker could load a specially-crafted network configuration containing \"dot dot\" sequences (/../) in the 'type' field to execute arbitrary files on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-25741](<https://vulners.com/cve/CVE-2021-25741>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange flaw in kubelet. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a container with subpath volume mounts to access files and directories outside of the volume. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-18367](<https://vulners.com/cve/CVE-2017-18367>) \n** DESCRIPTION: **libseccomp-golang could allow a remote attacker to bypass security restrictions, caused by improper handling of multiple syscall arguments. By specifying a single matching argument, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-27813](<https://vulners.com/cve/CVE-2020-27813>) \n** DESCRIPTION: **Gorilla WebSocket is vulnerable to a denial of service, caused by an integer overflow with the length of websocket frames received. By sending a specially-crafted websocket connection request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the HTTP Server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-16886](<https://vulners.com/cve/CVE-2018-16886>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by improper authentication in auth/store.go:AuthInfoFromTLS() when role-based access control (RBAC) is used and client-cert-auth is enabled. By sending a specially crafted REST API request to the gRPC-gateway, an attacker could exploit this vulnerability to bypass authentication. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3538](<https://vulners.com/cve/CVE-2021-3538>) \n** DESCRIPTION: **go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the UUIDs information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-16884](<https://vulners.com/cve/CVE-2019-16884>) \n** DESCRIPTION: **runc could allow a local attacker to bypass security restrictions, caused by a flaw in the libcontainer/rootfs_linux.go. By using a malicious volume, an attacker could exploit this vulnerability to bypass AppArmor restriction. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-10752](<https://vulners.com/cve/CVE-2020-10752>) \n** DESCRIPTION: **OpenShift API Server could allow a remote attacker to obtain sensitive information, caused by the leaking of OAuthTokens to log files when API Server panic occurred. By gaining access to the log files, an attacker could exploit this vulnerability to obtain OAuthTokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-30465](<https://vulners.com/cve/CVE-2021-30465>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange attack. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow host filesystem being bind-mounted into the container. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae On Openshift fix pack releases and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nRelease| Version \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.0 - v11.5.5.0-cn4 \nv11.5.5.1 - v11.5.5.1-cn3 \nv11.5.6.0 - v11.5.6.0-cn5 \nv11.5.7.0 - v11.5.7.0-cn4 \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 10 \nv4.0 through refresh 9 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data release containing the fix for these issues. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v4.0 refresh 9 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. Please note: If the affected release is any refresh level of Cloud Pak for Data 3.5, it is strongly recommended to upgrade to Cloud Pak for Data 4.5.0 \nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.7.0-cn5\n\n| \n\n<https://www.ibm.com/docs/en/db2/11.5?topic=1157-upgrading-updating> \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv4.5.0\n\n| \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-29T17:05:30", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1002101", "CVE-2017-18367", "CVE-2018-1002105", "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2018-20699", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11252", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-11840", "CVE-2019-11841", "CVE-2019-16884", "CVE-2020-10752", "CVE-2020-14040", "CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29652", "CVE-2020-36067", "CVE-2020-7919", "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8554", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-9283", "CVE-2021-20206", "CVE-2021-25735", "CVE-2021-25736", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-27918", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-3538", "CVE-2021-41190", "CVE-2021-42248", "CVE-2021-42836", "CVE-2021-43565", "CVE-2021-43784", "CVE-2021-44716", "CVE-2021-44907", "CVE-2022-27191"], "modified": "2022-06-29T17:05:30", "id": "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "href": "https://www.ibm.com/support/pages/node/6599703", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-28T01:37:33", "description": "## Summary\n\nNetcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23450](<https://vulners.com/cve/CVE-2021-23450>) \n** DESCRIPTION: **Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22144](<https://vulners.com/cve/CVE-2021-22144>) \n** DESCRIPTION: **Elasticsearch is vulnerable to a denial of service, caused by an uncontrolled recursion vulnerability in the Elasticsearch Grok parser. By creating a specially crafted Grok query, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31805](<https://vulners.com/cve/CVE-2021-31805>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of specially-crafted data using the %{...} syntax, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223990>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14039](<https://vulners.com/cve/CVE-2020-14039>) \n** DESCRIPTION: **Go could allow a remote attacker to bypass security restrictions, caused by improper validation on the VerifyOptions.KeyUsages EKU requirements during the X.509 certificate verification. An attacker could exploit this vulnerability to gain access to the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-15586](<https://vulners.com/cve/CVE-2020-15586>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16845](<https://vulners.com/cve/CVE-2020-16845>) \n** DESCRIPTION: **Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-24553](<https://vulners.com/cve/CVE-2020-24553>) \n** DESCRIPTION: **Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187776>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-28362](<https://vulners.com/cve/CVE-2020-28362>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191976>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28366](<https://vulners.com/cve/CVE-2020-28366>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191978](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191978>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28367](<https://vulners.com/cve/CVE-2020-28367>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a argument injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191979](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191979>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29923](<https://vulners.com/cve/CVE-2021-29923>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by improper consideration for extraneous zero characters at the beginning of an IP address octet. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access control based on IP addresses. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207025](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207025>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3114](<https://vulners.com/cve/CVE-2021-3114>) \n** DESCRIPTION: **An unspecified error with the P224() Curve implementation can generate incorrect outputs in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195677](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195677>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33195](<https://vulners.com/cve/CVE-2021-33195>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-33196](<https://vulners.com/cve/CVE-2021-33196>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By persuading a victim to open a specially-crafted archive file, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206602](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206602>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33197](<https://vulners.com/cve/CVE-2021-33197>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the ReverseProxy in net/http/httputil. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop arbitrary headers, including those set by the ReverseProxy.Director. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206603](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206603>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-33198](<https://vulners.com/cve/CVE-2021-33198>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the SetString and UnmarshalText methods of math/big.Rat. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a panic or an unrecoverable fatal error, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206604](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206604>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a race condition upon an ErrAbortHandler abort. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a net/http/httputil ReverseProxy panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207036](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207036>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38297](<https://vulners.com/cve/CVE-2021-38297>) \n** DESCRIPTION: **Golang Go is vulnerable to a buffer overflow, caused by improper bounds checking when invoking functions from WASM modules. By passing very large arguments, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211507](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211507>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39293](<https://vulners.com/cve/CVE-2021-39293>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in the NewReader and OpenReader functions in archive/zip. By sending a specially-crafted archive header, a remote attacker could exploit this vulnerability to cause a panic, which results in a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220196](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220196>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41771](<https://vulners.com/cve/CVE-2021-41771>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the ImportedSymbols function in debug/macho. By using specially-crafted binaries, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213016>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-41772](<https://vulners.com/cve/CVE-2021-41772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an out-of-bounds slice situation in the Reader.Open function. By using a specially-crafted ZIP archive containing an invalid name or an empty filename field, a remote attacker could exploit this vulnerability to cause a panic, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213019](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213019>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a buffer overflow in the Rat.SetString function in math/big. By sending a specially-crafted request, an attacker could exploit this vulnerability to consume large amount of RAM and cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>) \n** DESCRIPTION: **An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw with IsOnCurve function returns true for invalid field elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to causes a panic in ScalarMult, and results in a denial of condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219444](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219444>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a stack-based buffer overflow in encoding/pem in the Decode feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the program to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224866>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation. By using a specially-crafted deeply nested expression, a remote attacker could exploit this vulnerability to cause a goroutine stack exhaustion, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221503](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221503>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validaiton by the generic P-256 feature in crypto/elliptic. By sending a specially-crafted request with long scalar input, a remote attacker could exploit this vulnerability to cause a panic on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224871](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224871>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92889>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2019-10086](<https://vulners.com/cve/CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-29425](<https://vulners.com/cve/CVE-2021-29425>) \n** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-21409](<https://vulners.com/cve/CVE-2021-21409>) \n** DESCRIPTION: **Netty is vulnerable to request smuggling, caused by improper validation of request, caused by missing validation of content-length. By sending specially-crafted request, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199150](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199150>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-21295](<https://vulners.com/cve/CVE-2021-21295>) \n** DESCRIPTION: **Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-21290](<https://vulners.com/cve/CVE-2021-21290>) \n** DESCRIPTION: **Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-1000023](<https://vulners.com/cve/CVE-2016-1000023>) \n** DESCRIPTION: **Minimatch is vulnerable to a denial of service, caused by a regular expression of minimatch.js. By using a specially crafted glob pattern, a remote attacker could exploit this vulnerability to cause the application to consume an overly large amount of CPU resources \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118817](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118817>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24839](<https://vulners.com/cve/CVE-2022-24839>) \n** DESCRIPTION: **Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224089](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224089>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24329](<https://vulners.com/cve/CVE-2022-24329>) \n** DESCRIPTION: **JetBrains Kotlin could provide weaker than expected security, caused by failing to lock dependencies for Multiplatform Gradle Projects. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-31566](<https://vulners.com/cve/CVE-2021-31566>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change modes, times, access control lists, and flags of a file on the system to gain elevated privileges. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-3634](<https://vulners.com/cve/CVE-2021-3634>) \n** DESCRIPTION: **libssh is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208281](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208281>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2020-13949](<https://vulners.com/cve/CVE-2020-13949>) \n** DESCRIPTION: **Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause a large memory allocation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196738](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196738>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25878](<https://vulners.com/cve/CVE-2022-25878>) \n** DESCRIPTION: **Node.js protobufjs module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) \n \n** CVEID: **[CVE-2022-0155](<https://vulners.com/cve/CVE-2022-0155>) \n** DESCRIPTION: **follow-redirects could allow a remote attacker to obtain sensitive information, caused by an unauthorized actor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to obtain private personal information and use this information to launch further attacks against the affected system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216974>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-0536](<https://vulners.com/cve/CVE-2022-0536>) \n** DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by a leakage of the Authorization header from the same hostname during HTTPS to HTTP redirection. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to obtain Authorization header information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-44878](<https://vulners.com/cve/CVE-2021-44878>) \n** DESCRIPTION: **pac4j could allow a remote attacker to bypass security restrictions, caused by improper validation for ID Tokens with \"none\" algorithm. By injecting a specially-crafted ID token using \"none\" as the value of \"alg\" key, an attacker could exploit this vulnerability to bypass the token validation. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-29622](<https://vulners.com/cve/CVE-2022-29622>) \n** DESCRIPTION: **Node.js Formidable module could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request using the filename parameter, an attacker could exploit this vulnerability to upload a malicious PDF file, which could allow the attacker to execute arbitrary code on the vulnerable system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/226582](<https://exchange.xforce.ibmcloud.com/vulnerabilities/226582>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-17530](<https://vulners.com/cve/CVE-2020-17530>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192743](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192743>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3807](<https://vulners.com/cve/CVE-2021-3807>) \n** DESCRIPTION: **Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24785](<https://vulners.com/cve/CVE-2022-24785>) \n** DESCRIPTION: **Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing \"dot dot\" sequences (/../) to switch arbitrary moment locale. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223451](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223451>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-36327](<https://vulners.com/cve/CVE-2020-36327>) \n** DESCRIPTION: **Bundler could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when choosing a dependency source. By using a specially-crafted gem, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201080](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201080>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22823](<https://vulners.com/cve/CVE-2022-22823>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216907](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216907>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22824](<https://vulners.com/cve/CVE-2022-22824>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25235](<https://vulners.com/cve/CVE-2022-25235>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25236](<https://vulners.com/cve/CVE-2022-25236>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25315](<https://vulners.com/cve/CVE-2022-25315>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22825](<https://vulners.com/cve/CVE-2022-22825>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216905](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216905>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23358](<https://vulners.com/cve/CVE-2021-23358>) \n** DESCRIPTION: **Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the template function. By sending a specially-crafted argument using the variable property, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198958](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198958>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3765](<https://vulners.com/cve/CVE-2021-3765>) \n** DESCRIPTION: **validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212669](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212669>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n\n\n## Remediation/Fixes\n\nNetcool Operations Insight v1.6.6 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nIBM strongly suggests the following remediation / fixes:\n\nPlease go to [https://www.ibm.com/docs/en/noi/1.6.6?topic=installing](<https://www.ibm.com/docs/en/noi/1.6.4?topic=installing>) to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T13:11:39", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2016-1000023", "CVE-2019-10086", "CVE-2020-13949", "CVE-2020-13956", "CVE-2020-14039", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-17530", "CVE-2020-24553", "CVE-2020-28362", "CVE-2020-28366", "CVE-2020-28367", "CVE-2020-36327", "CVE-2020-7919", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-22144", "CVE-2021-23177", "CVE-2021-23358", "CVE-2021-23450", "CVE-2021-27918", "CVE-2021-29425", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-31525", "CVE-2021-31566", "CVE-2021-31805", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-3634", "CVE-2021-3765", "CVE-2021-3807", "CVE-2021-38297", "CVE-2021-39293", "CVE-2021-3999", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44878", "CVE-2022-0155", "CVE-2022-0536", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-23852", "CVE-2022-24329", "CVE-2022-24675", "CVE-2022-24785", "CVE-2022-24839", "CVE-2022-24921", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315", "CVE-2022-25878", "CVE-2022-28327", "CVE-2022-29622"], "modified": "2022-10-25T13:11:39", "id": "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "href": "https://www.ibm.com/support/pages/node/6831813", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-05-30T14:14:05", "description": "The Decode, DecodeElement, and Skip methods of an xml.Decoder\nprovided by xml.NewTokenDecoder may enter an infinite loop when\noperating on a custom xml.TokenReader which returns an EOF in the\nmiddle of an open XML element.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-02-17T17:34:24", "type": "osv", "title": "GO-2021-0234", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2022-05-13T18:33:00", "id": "OSV:GO-2021-0234", "href": "https://osv.dev/vulnerability/GO-2021-0234", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-04-01T12:00:03", "description": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T18:04:02", "type": "redhatcve", "title": "CVE-2021-27918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918"], "modified": "2023-04-01T09:43:10", "id": "RH:CVE-2021-27918", "href": "https://access.redhat.com/security/cve/cve-2021-27918", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-07T23:16:02", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-19T07:33:26", "type": "redhatcve", "title": "CVE-2021-3724", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-3703", "CVE-2021-3724"], "modified": "2023-03-07T22:55:46", "id": "RH:CVE-2021-3724", "href": "https://access.redhat.com/security/cve/cve-2021-3724", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-01T08:15:12", "description": "CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-13T23:23:31", "type": "redhatcve", "title": "CVE-2021-3703", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-3703"], "modified": "2023-04-01T07:27:04", "id": "RH:CVE-2021-3703", "href": "https://access.redhat.com/security/cve/cve-2021-3703", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2023-02-10T03:20:04", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0013", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-3114"], "modified": "2021-04-22T00:00:00", "id": "PHSA-2021-4.0-0013", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-13", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-12T18:57:16", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0013", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-3114"], "modified": "2021-04-22T00:00:00", "id": "PHSA-2021-0013", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-13", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-12T18:42:51", "description": "Updates of ['polkit', 'go'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0248", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24553", "CVE-2020-29510", "CVE-2021-27918", "CVE-2021-3114", "CVE-2021-3560"], "modified": "2021-06-04T00:00:00", "id": "PHSA-2021-0248", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-248", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T05:35:31", "description": "Updates of ['polkit', 'go'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0248", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24553", "CVE-2020-29510", "CVE-2021-27918", "CVE-2021-3114", "CVE-2021-3560"], "modified": "2021-06-04T00:00:00", "id": "PHSA-2021-3.0-0248", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-248", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-01T12:11:16", "description": "Updates of ['mariadb', 'go', 'expat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-03T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0476", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24553", "CVE-2020-28366", "CVE-2020-28367", "CVE-2020-29510", "CVE-2021-27918", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44717", "CVE-2021-46661", "CVE-2021-46663", "CVE-2021-46664", "CVE-2021-46665", "CVE-2021-46668", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-25314", "CVE-2022-25315"], "modified": "2022-03-03T00:00:00", "id": "PHSA-2022-0476", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-476", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nThe Go project reports:\n\nThe Decode, DecodeElement, and Skip methods of an xml.Decoder\n\t provided by xml.NewTokenDecoder may enter an infinite loop when\n\t operating on a custom xml.TokenReader which returns an EOF in the\n\t middle of an open XML element.\n\n\nThe Reader.Open API, new in Go 1.16, will panic when used on a ZIP\n\t archive containing files that start with \"../\".\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-05T00:00:00", "type": "freebsd", "title": "go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-05T00:00:00", "id": "72709326-81F7-11EB-950A-00155D646401", "href": "https://vuxml.freebsd.org/freebsd/72709326-81f7-11eb-950a-00155d646401.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "altlinux": [{"lastseen": "2023-03-31T16:55:01", "description": "March 11, 2021 Alexey Shabalin 1.16.1-alt1\n \n \n - New version (1.16.1).\n - Fixes:\n + CVE-2021-27918\n + CVE-2021-27919\n - Remove test for other platform scripts.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package golang version 1.16.1-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-11T00:00:00", "id": "225BAEAF6219040C50411B22A30E3A60", "href": "https://packages.altlinux.org/en/p10/srpms/golang/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-31T19:17:36", "description": "March 11, 2021 Alexey Shabalin 1.15.9-alt1\n \n \n - New version (1.15.9).\n - Fixes:\n + CVE-2021-27918\n + CVE-2021-27919\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package golang version 1.15.9-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-27919"], "modified": "2021-03-11T00:00:00", "id": "427211E048071EEF6D757312BBC9B9A0", "href": "https://packages.altlinux.org/en/p9/srpms/golang/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:40:16", "description": "Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-07-13T16:30:23", "type": "redhat", "title": "(RHSA-2021:2704) Moderate: Release of OpenShift Serverless Client kn 1.16.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196"], "modified": "2021-07-13T16:50:08", "id": "RHSA-2021:2704", "href": "https://access.redhat.com/errata/RHSA-2021:2704", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:35:36", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nThe following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)\n\n* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-10T12:00:58", "type": "redhat", "title": "(RHSA-2021:3076) Moderate: go-toolset:rhel8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-08-10T13:02:08", "id": "RHSA-2021:3076", "href": "https://access.redhat.com/errata/RHSA-2021:3076", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-26T18:36:55", "description": "Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 (CVE-2021-3703)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-16T15:05:22", "type": "redhat", "title": "(RHSA-2021:3555) Moderate: Release of OpenShift Serverless Client kn 1.17.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-3703"], "modified": "2021-09-16T15:17:27", "id": "RHSA-2021:3555", "href": "https://access.redhat.com/errata/RHSA-2021:3555", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-13T22:01:01", "description": "Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T16:31:04", "type": "redhat", "title": "(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-27618", "CVE-2020-28196", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-27219", "CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-3326"], "modified": "2021-07-13T16:32:07", "id": "RHSA-2021:2705", "href": "https://access.redhat.com/errata/RHSA-2021:2705", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-13T21:59:07", "description": "Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless\nOperator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703).\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T15:07:32", "type": "redhat", "title": "(RHSA-2021:3556) Moderate: Release of OpenShift Serverless 1.17.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-15358", "CVE-2020-27618", "CVE-2020-28196", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-20271", "CVE-2021-20305", "CVE-2021-27218", "CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-3326", "CVE-2021-3421", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-34558", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-3703"], "modified": "2021-09-16T15:08:26", "id": "RHSA-2021:3556", "href": "https://access.redhat.com/errata/RHSA-2021:3556", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:27", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nThe following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)\n\n* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-10T12:00:58", "type": "almalinux", "title": "Moderate: go-toolset:rhel8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:3076", "href": "https://errata.almalinux.org/8/ALSA-2021-3076.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rocky": [{"lastseen": "2023-02-02T17:11:44", "description": "An update is available for delve, golang, go-toolset.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nGo Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nThe following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)\n\n* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-10T12:00:58", "type": "rocky", "title": "go-toolset:rhel8 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-34558"], "modified": "2021-08-10T12:00:58", "id": "RLSA-2021:3076", "href": "https://errata.rockylinux.org/RLSA-2021:3076", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method (CVE-2021-27918). net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations (CVE-2021-31525). A security issue has been found in Go before version 1.16.5. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net, and their respective methods on the Resolver type may return arbitrary values retrieved from DNS which do not follow the established RFC 1035 rules for domain names. If these names are used without further sanitization, for instance unsafely included in HTML, they may allow for injection of unexpected content. Note that LookupTXT may still return arbitrary values that could require sanitization before further use (CVE-2021-33195). A security issue has been found in Go. Due to a pre-allocation optimization in zip.NewReader, a malformed archive which indicates it has a significant number of files can cause either a panic or memory exhaustion (CVE-2021-33196). ReverseProxy fails to delete the Connection headers (as well as other legacy hop-by-hop headers, which however per RFC 7230 need to also be specified in Connection) if there are multiple ones and the first is empty, due to an incorrect Get(h) == \"\" check. This can lead to a security issue if the proxy is adding an important header, like X-Forwarded-For, and is sitting in front of another proxy which can be instructed by an attacker to drop that header as a hop-by-hop header (CVE-2021-33197). A security issue has been found in Go before version 1.16.5. The SetString and UnmarshalText methods of math/big.Rat may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198). The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic (CVE-2021-34558). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-25T08:34:17", "type": "mageia", "title": "Updated golang packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558"], "modified": "2021-07-25T08:34:17", "id": "MGASA-2021-0369", "href": "https://advisories.mageia.org/MGASA-2021-0369.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:30:06", "description": "**Issue Overview:**\n\nA null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-29652)\n\nAn infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS). (CVE-2021-27918)\n\nAn out of bounds read vulnerability was found in golang. When using the archive/zip standard library (stdlib) and an unexpected file is parsed, it can cause golang to attempt to read outside of a slice (array) causing a panic in the runtime. A potential attacker can use this vulnerability to craft an archive which causes an application using this library to crash resulting in a Denial of Service (DoS). (CVE-2021-27919)\n\nA flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity. (CVE-2021-33195)\n\nA flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity. (CVE-2021-33197)\n\nA flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability. (CVE-2021-33198)\n\nA race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. (CVE-2021-36221)\n\nA validation flaw was found in golang. When invoking functions from WASM modules built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. The highest threat from this vulnerability is to integrity. (CVE-2021-38297)\n\nA vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could cause a denial of service via memory exhaustion or panic. This particular flaw is an incomplete fix for a previous flaw. (CVE-2021-39293)\n\nRat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)\n\ncmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)\n\nA flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource. (CVE-2022-23806)\n\nA buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB) ), causing a stack overflow in Decode, which leads to a loss of availability. (CVE-2022-24675)\n\nA stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service. (CVE-2022-24921)\n\nAn integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability. (CVE-2022-28327)\n\n \n**Affected Packages:** \n\n\ngolang\n\n \n**Issue Correction:** \nRun _yum update golang_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 golang-bin-1.18.3-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 golang-shared-1.18.3-1.amzn2.aarch64 \n \n noarch: \n \u00a0\u00a0\u00a0 golang-docs-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-misc-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-tests-1.18.3-1.amzn2.noarch \n \u00a0\u00a0\u00a0 golang-src-1.18.3-1.amzn2.noarch \n \n src: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 golang-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-bin-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-shared-1.18.3-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 golang-race-1.18.3-1.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-29652](<https://access.redhat.com/security/cve/CVE-2020-29652>), [CVE-2021-27918](<https://access.redhat.com/security/cve/CVE-2021-27918>), [CVE-2021-27919](<https://access.redhat.com/security/cve/CVE-2021-27919>), [CVE-2021-33195](<https://access.redhat.com/security/cve/CVE-2021-33195>), [CVE-2021-33197](<https://access.redhat.com/security/cve/CVE-2021-33197>), [CVE-2021-33198](<https://access.redhat.com/security/cve/CVE-2021-33198>), [CVE-2021-36221](<https://access.redhat.com/security/cve/CVE-2021-36221>), [CVE-2021-38297](<https://access.redhat.com/security/cve/CVE-2021-38297>), [CVE-2021-39293](<https://access.redhat.com/security/cve/CVE-2021-39293>), [CVE-2022-23772](<https://access.redhat.com/security/cve/CVE-2022-23772>), [CVE-2022-23773](<https://access.redhat.com/security/cve/CVE-2022-23773>), [CVE-2022-23806](<https://access.redhat.com/security/cve/CVE-2022-23806>), [CVE-2022-24675](<https://access.redhat.com/security/cve/CVE-2022-24675>), [CVE-2022-24921](<https://access.redhat.com/security/cve/CVE-2022-24921>), [CVE-2022-28327](<https://access.redhat.com/security/cve/CVE-2022-28327>)\n\nMitre: [CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>), [CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>), [CVE-2021-27919](<https://vulners.com/cve/CVE-2021-27919>), [CVE-2021-33195](<https://vulners.com/cve/CVE-2021-33195>), [CVE-2021-33197](<https://vulners.com/cve/CVE-2021-33197>), [CVE-2021-33198](<https://vulners.com/cve/CVE-2021-33198>), [CVE-2021-36221](<https://vulners.com/cve/CVE-2021-36221>), [CVE-2021-38297](<https://vulners.com/cve/CVE-2021-38297>), [CVE-2021-39293](<https://vulners.com/cve/CVE-2021-39293>), [CVE-2022-23772](<https://vulners.com/cve/CVE-2022-23772>), [CVE-2022-23773](<https://vulners.com/cve/CVE-2022-23773>), [CVE-2022-23806](<https://vulners.com/cve/CVE-2022-23806>), [CVE-2022-24675](<https://vulners.com/cve/CVE-2022-24675>), [CVE-2022-24921](<https://vulners.com/cve/CVE-2022-24921>), [CVE-2022-28327](<https://vulners.com/cve/CVE-2022-28327>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-28T21:55:00", "type": "amazon", "title": "Important: golang", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29652", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-33195", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-39293", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-28327"], "modified": "2022-08-08T18:42:00", "id": "ALAS2-2022-1830", "href": "https://alas.aws.amazon.com/AL2/ALAS-2022-1830.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-08-13T04:35:17", "description": "### Background\n\nGo is an open source programming language that makes it easy to build simple, reliable, and efficient software.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Go users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/go-1.18.5\"\n \n\nIn addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:\n \n \n # emerge --ask --oneshot --verbose @golang-rebuild", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-04T00:00:00", "type": "gentoo", "title": "Go: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28366", "CVE-2020-28367", "CVE-2021-27918", "CVE-2021-27919", "CVE-2021-29923", "CVE-2021-3114", "CVE-2021-3115", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33196", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-36221", "CVE-2021-38297", "CVE-2021-41771", "CVE-2021-41772", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-1705", "CVE-2022-23772", "CVE-2022-23773", "CVE-2022-23806", "CVE-2022-24675", "CVE-2022-24921", "CVE-2022-27536", "CVE-2022-28131", "CVE-2022-28327", "CVE-2022-29526", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189"], "modified": "2022-08-04T00:00:00", "id": "GLSA-202208-02", "href": "https://security.gentoo.org/glsa/202208-02", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}