DATABASE RESOURCES PRICING ABOUT US

{"id": "9AE75CB1A1D3DD100D9064B9CD05456A761753026F2FA396034E23E18AE154DF", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities affect IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data", "description": "## Summary\n\nIBM has released the following fix for IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11252](<https://vulners.com/cve/CVE-2019-11252>) \n** DESCRIPTION: **Kubernetes kube-controller-manager could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of user credentials in error messages in the mount failure logs and events for AzureFile and CephFS volumes. By gaining access to the log files, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing note updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20699](<https://vulners.com/cve/CVE-2018-20699>) \n** DESCRIPTION: **Docker Engine is vulnerable to a denial of service, caused by a dockerd memory consumption issue. By using a large integer in a --cpuset-mems or --cpuset-cpus value, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8555](<https://vulners.com/cve/CVE-2020-8555>) \n** DESCRIPTION: **Kubernetes is vulnerable to server-side request forgery, caused by a flaw in the kube-controller-manager. By using a specially-crafted argument, a remote authenticated attacker could exploit this vulnerability to conduct SSRF attack to leak up to 500 bytes of arbitrary information from unprotected endpoints. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause panic in decodeRecord method, \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &gt;= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel &gt;= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8551](<https://vulners.com/cve/CVE-2020-8551>) \n** DESCRIPTION: **Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-11840](<https://vulners.com/cve/CVE-2019-11840>) \n** DESCRIPTION: **Golang golang-googlecode-go-crypto could allow a remote attacker to obtain sensitive information, caused by a flaw in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. By generating a specially-crafted keystream, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-43784](<https://vulners.com/cve/CVE-2021-43784>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by an integer overflow in netlink bytemsg length field. By sending a specially-crafted request, an attacker could exploit this vulnerability to override netlink-based container configuration to disable namespace protections entirely. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25737](<https://vulners.com/cve/CVE-2021-25737>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a host network hijacking flaw due to holes in EndpointSlice validation. By redirecting pod traffic to private networks on a Node, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202128>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-8554](<https://vulners.com/cve/CVE-2020-8554>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using LoadBalancer or ExternalIPs. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to patch the status of a LoadBalancer service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192721>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-25736](<https://vulners.com/cve/CVE-2021-25736>) \n** DESCRIPTION: **Kubernetes kube-proxy for Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the LoadBalancer controller does not set the \"status.loadBalancer.ingress[].ip\" field. An attacker could exploit this vulnerability to obtain traffic information forwarded to the local processes listening on the same port (\"spec.ports[*].port\") as a LoadBalancer Service, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-42248](<https://vulners.com/cve/CVE-2021-42248>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by a flaw in the gjson.Get function. By sending a specially-crafted JSON input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227236](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227236>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of requests in the API server. By sending a specially crafted proxy request directly to the backend, a remote attacker could exploit this vulnerability to establish a connection to create brokered services and deploy malicious code with elevated privileges. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-17142](<https://vulners.com/cve/CVE-2018-17142>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149973](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149973>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17143](<https://vulners.com/cve/CVE-2018-17143>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by invalid memory address in html package (aka x/net/html). By using a specially-crafted value, a local attacker could exploit this vulnerability to cause a runtime error. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/149972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/149972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-36067](<https://vulners.com/cve/CVE-2020-36067>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by slice bounds out of range. By using a specially-crafted GET call, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194240](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194240>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-42836](<https://vulners.com/cve/CVE-2021-42836>) \n** DESCRIPTION: **GJSON is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted JSON, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11841](<https://vulners.com/cve/CVE-2019-11841>) \n** DESCRIPTION: **Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160985](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160985>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-43565](<https://vulners.com/cve/CVE-2021-43565>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-27191](<https://vulners.com/cve/CVE-2022-27191>) \n** DESCRIPTION: **Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44907](<https://vulners.com/cve/CVE-2021-44907>) \n** DESCRIPTION: **Qs is vulnerable to a denial of service, caused by insufficient sanitization of property in the gs.parse function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222194](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222194>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2017-1002101](<https://vulners.com/cve/CVE-2017-1002101>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by using subpath volume mounts with any volume type. A remote authenticated attacker could exploit this vulnerability to access files/directories outside of the volume, including the host's filesystem. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/140496](<https://exchange.xforce.ibmcloud.com/vulnerabilities/140496>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20206](<https://vulners.com/cve/CVE-2021-20206>) \n** DESCRIPTION: **containernetworking cni could allow a remote authenticated attacker to traverse directories on the system. An attacker could load a specially-crafted network configuration containing \"dot dot\" sequences (/../) in the 'type' field to execute arbitrary files on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-25741](<https://vulners.com/cve/CVE-2021-25741>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange flaw in kubelet. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a container with subpath volume mounts to access files and directories outside of the volume. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-18367](<https://vulners.com/cve/CVE-2017-18367>) \n** DESCRIPTION: **libseccomp-golang could allow a remote attacker to bypass security restrictions, caused by improper handling of multiple syscall arguments. By specifying a single matching argument, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160136](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160136>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-27813](<https://vulners.com/cve/CVE-2020-27813>) \n** DESCRIPTION: **Gorilla WebSocket is vulnerable to a denial of service, caused by an integer overflow with the length of websocket frames received. By sending a specially-crafted websocket connection request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the HTTP Server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-16886](<https://vulners.com/cve/CVE-2018-16886>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by improper authentication in auth/store.go:AuthInfoFromTLS() when role-based access control (RBAC) is used and client-cert-auth is enabled. By sending a specially crafted REST API request to the gRPC-gateway, an attacker could exploit this vulnerability to bypass authentication. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-3538](<https://vulners.com/cve/CVE-2021-3538>) \n** DESCRIPTION: **go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain the UUIDs information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202922](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202922>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-16884](<https://vulners.com/cve/CVE-2019-16884>) \n** DESCRIPTION: **runc could allow a local attacker to bypass security restrictions, caused by a flaw in the libcontainer/rootfs_linux.go. By using a malicious volume, an attacker could exploit this vulnerability to bypass AppArmor restriction. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-10752](<https://vulners.com/cve/CVE-2020-10752>) \n** DESCRIPTION: **OpenShift API Server could allow a remote attacker to obtain sensitive information, caused by the leaking of OAuthTokens to log files when API Server panic occurred. By gaining access to the log files, an attacker could exploit this vulnerability to obtain OAuthTokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-30465](<https://vulners.com/cve/CVE-2021-30465>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange attack. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow host filesystem being bind-mounted into the container. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAll platforms of the following IBM\u00ae Db2\u00ae On Openshift fix pack releases and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data refresh levels are affected:\n\nRelease| Version \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.5.0 - v11.5.5.0-cn4 \nv11.5.5.1 - v11.5.5.1-cn3 \nv11.5.6.0 - v11.5.6.0-cn5 \nv11.5.7.0 - v11.5.7.0-cn4 \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv3.5 through refresh 10 \nv4.0 through refresh 9 \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data release containing the fix for these issues. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v4.0 refresh 9 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. Please note: If the affected release is any refresh level of Cloud Pak for Data 3.5, it is strongly recommended to upgrade to Cloud Pak for Data 4.5.0 \nProduct| Fixed in Fix Pack| Instructions \n---|---|--- \nIBM\u00ae Db2\u00ae On Openshift| \n\nv11.5.7.0-cn5\n\n| \n\n<https://www.ibm.com/docs/en/db2/11.5?topic=1157-upgrading-updating> \n \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| \n\nv4.5.0\n\n| \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2022-06-29T17:05:30", "modified": "2022-06-29T17:05:30", "epss": [{"cve": "CVE-2017-1002101", "epss": 0.00131, "percentile": 0.46804, "modified": "2023-06-06"}, {"cve": "CVE-2017-18367", "epss": 0.00238, "percentile": 0.60521, "modified": "2023-06-05"}, {"cve": "CVE-2018-1002105", "epss": 0.68242, "percentile": 0.97488, "modified": "2023-06-06"}, {"cve": "CVE-2018-1098", "epss": 0.0027, "percentile": 0.63075, "modified": "2023-06-06"}, {"cve": "CVE-2018-1099", "epss": 0.00068, "percentile": 0.27766, "modified": "2023-06-06"}, {"cve": "CVE-2018-16886", "epss": 0.018, "percentile": 0.86355, "modified": "2023-06-06"}, {"cve": "CVE-2018-17142", "epss": 0.00125, "percentile": 0.45798, "modified": "2023-06-06"}, {"cve": "CVE-2018-17143", "epss": 0.00285, "percentile": 0.64081, "modified": "2023-06-06"}, {"cve": "CVE-2018-17846", "epss": 0.00204, "percentile": 0.57091, "modified": "2023-06-06"}, {"cve": "CVE-2018-17847", "epss": 0.00143, "percentile": 0.48844, "modified": "2023-06-06"}, {"cve": "CVE-2018-17848", "epss": 0.00158, "percentile": 0.50996, "modified": "2023-06-06"}, {"cve": "CVE-2018-20699", "epss": 0.00097, "percentile": 0.39324, "modified": "2023-06-06"}, {"cve": "CVE-2019-1002101", "epss": 0.00072, "percentile": 0.29384, "modified": "2023-06-06"}, {"cve": "CVE-2019-11246", "epss": 0.00081, "percentile": 0.33316, "modified": "2023-06-06"}, {"cve": "CVE-2019-11247", "epss": 0.00147, "percentile": 0.49566, "modified": "2023-06-06"}, {"cve": "CVE-2019-11249", "epss": 0.00162, "percentile": 0.51536, "modified": "2023-06-06"}, {"cve": "CVE-2019-11250", "epss": 0.00112, "percentile": 0.43316, "modified": "2023-06-06"}, {"cve": "CVE-2019-11251", "epss": 0.0005, "percentile": 0.16909, "modified": "2023-06-06"}, {"cve": "CVE-2019-11252", "epss": 0.00065, "percentile": 0.26629, "modified": "2023-06-06"}, {"cve": "CVE-2019-11253", "epss": 0.01087, "percentile": 0.82258, "modified": "2023-06-06"}, {"cve": "CVE-2019-11254", "epss": 0.00101, "percentile": 0.40265, "modified": "2023-06-06"}, {"cve": "CVE-2019-11840", "epss": 0.00793, "percentile": 0.79152, "modified": "2023-06-06"}, {"cve": "CVE-2019-11841", "epss": 0.00403, "percentile": 0.69931, "modified": "2023-06-06"}, {"cve": "CVE-2019-16884", "epss": 0.00239, "percentile": 0.60611, "modified": "2023-06-06"}, {"cve": "CVE-2020-10752", "epss": 0.00104, "percentile": 0.41381, "modified": "2023-06-06"}, {"cve": "CVE-2020-14040", "epss": 0.00105, "percentile": 0.41686, "modified": "2023-06-06"}, {"cve": "CVE-2020-15106", "epss": 0.00065, "percentile": 0.26833, "modified": "2023-06-06"}, {"cve": "CVE-2020-15112", "epss": 0.00065, "percentile": 0.26833, "modified": "2023-06-06"}, {"cve": "CVE-2020-15113", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-26160", "epss": 0.00175, "percentile": 0.53338, "modified": "2023-06-06"}, {"cve": "CVE-2020-27813", "epss": 0.00321, "percentile": 0.663, "modified": "2023-06-06"}, {"cve": "CVE-2020-28851", "epss": 0.00101, "percentile": 0.40311, "modified": "2023-06-06"}, {"cve": "CVE-2020-28852", "epss": 0.00104, "percentile": 0.41438, "modified": "2023-06-06"}, {"cve": "CVE-2020-29652", "epss": 0.00578, "percentile": 0.74928, "modified": "2023-06-06"}, {"cve": "CVE-2020-36067", "epss": 0.00089, "percentile": 0.36945, "modified": "2023-06-06"}, {"cve": "CVE-2020-7919", "epss": 0.00824, "percentile": 0.79533, "modified": "2023-06-06"}, {"cve": "CVE-2020-8551", "epss": 0.00112, "percentile": 0.43424, "modified": "2023-06-06"}, {"cve": "CVE-2020-8552", "epss": 0.00104, "percentile": 0.41403, "modified": "2023-06-06"}, {"cve": "CVE-2020-8554", "epss": 0.00131, "percentile": 0.46732, "modified": "2023-06-06"}, {"cve": "CVE-2020-8555", "epss": 0.00099, "percentile": 0.39972, "modified": "2023-06-06"}, {"cve": "CVE-2020-8557", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-8559", "epss": 0.00329, "percentile": 0.6669, "modified": "2023-06-06"}, {"cve": "CVE-2020-8564", "epss": 0.00047, "percentile": 0.14272, "modified": "2023-06-06"}, {"cve": "CVE-2020-8565", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-9283", "epss": 0.07088, "percentile": 0.92985, "modified": "2023-06-06"}, {"cve": "CVE-2021-20206", "epss": 0.00133, "percentile": 0.47175, "modified": "2023-05-27"}, {"cve": "CVE-2021-25735", "epss": 0.00068, "percentile": 0.28077, "modified": "2023-05-27"}, {"cve": "CVE-2021-25737", "epss": 0.0006, "percentile": 0.23615, "modified": "2023-05-27"}, {"cve": "CVE-2021-25741", "epss": 0.0012, "percentile": 0.44859, "modified": "2023-05-27"}, {"cve": "CVE-2021-27918", "epss": 0.00081, "percentile": 0.33412, "modified": "2023-05-27"}, {"cve": "CVE-2021-30465", "epss": 0.00162, "percentile": 0.51496, "modified": "2023-05-27"}, {"cve": "CVE-2021-3121", "epss": 0.0037, "percentile": 0.68589, "modified": "2023-05-27"}, {"cve": "CVE-2021-31525", "epss": 0.00315, "percentile": 0.6586, "modified": "2023-05-27"}, {"cve": "CVE-2021-33194", "epss": 0.00108, "percentile": 0.42471, "modified": "2023-05-23"}, {"cve": "CVE-2021-3538", "epss": 0.00212, "percentile": 0.57666, "modified": "2023-05-23"}, {"cve": "CVE-2021-41190", "epss": 0.00124, "percentile": 0.45502, "modified": "2023-05-23"}, {"cve": "CVE-2021-42248", "epss": 0.00053, "percentile": 0.18961, "modified": "2023-05-23"}, {"cve": "CVE-2021-42836", "epss": 0.00132, "percentile": 0.46866, "modified": "2023-05-23"}, {"cve": "CVE-2021-43565", "epss": 0.00046, "percentile": 0.14051, "modified": "2023-05-23"}, {"cve": "CVE-2021-43784", "epss": 0.00163, "percentile": 0.51619, "modified": "2023-05-23"}, {"cve": "CVE-2021-44716", "epss": 0.0012, "percentile": 0.44969, "modified": "2023-05-23"}, {"cve": "CVE-2022-27191", "epss": 0.00214, "percentile": 0.58121, "modified": "2023-06-03"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/6599703", "reporter": "IBM", "references": [], "cvelist": ["CVE-2017-1002101", "CVE-2017-18367", "CVE-2018-1002105", "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2018-20699", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11252", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-11840", "CVE-2019-11841", "CVE-2019-16884", "CVE-2020-10752", "CVE-2020-14040", "CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29652", "CVE-2020-36067", "CVE-2020-7919", "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8554", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-9283", "CVE-2021-20206", "CVE-2021-25735", "CVE-2021-25736", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-27918", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-3538", "CVE-2021-41190", "CVE-2021-42248", "CVE-2021-42836", "CVE-2021-43565", "CVE-2021-43784", "CVE-2021-44716", "CVE-2021-44907", "CVE-2022-27191"], "immutableFields": [], "lastseen": "2023-06-06T17:48:48", "viewCount": 22, "enchantments": {"score": {"value": 10.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:4269", "ALSA-2020:4694", "ALSA-2021:1796", "ALSA-2021:2291", "ALSA-2021:2370", "ALSA-2021:2371", "ALSA-2021:3076", "ALSA-2021:5160", "ALSA-2022:0001", "ALSA-2022:7129", "ALSA-2022:7469", "ALSA-2022:7954", "ALSA-2022:8008"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-11247", "ALPINE:CVE-2019-11249", "ALPINE:CVE-2019-11253", "ALPINE:CVE-2019-16884", "ALPINE:CVE-2020-26160", "ALPINE:CVE-2020-7919", "ALPINE:CVE-2020-8554", "ALPINE:CVE-2020-8555", "ALPINE:CVE-2020-8557", "ALPINE:CVE-2020-8559", "ALPINE:CVE-2021-20206", "ALPINE:CVE-2021-25735", "ALPINE:CVE-2021-27918", "ALPINE:CVE-2021-30465", "ALPINE:CVE-2021-3121", "ALPINE:CVE-2021-31525", "ALPINE:CVE-2021-41190", "ALPINE:CVE-2021-43784", "ALPINE:CVE-2021-44716", "ALPINE:CVE-2022-27191"]}, {"type": "altlinux", "idList": ["1BCE185984CEA46B5266909276324BE5", "225BAEAF6219040C50411B22A30E3A60", "2A5C8E1CD670CCF05D3DED86E993AF9F", "33B15C77B2A947E3AE7EAC86C2FE30F0", "347B46806EF5625410557555E98A78DF", "3D6109A60B19BEDCFDA4997349865C7F", "41C5FC4C4F4A371C0963445F6AFC1604", "427211E048071EEF6D757312BBC9B9A0", "4563AAE62B241C3F2A51469428DEFB73", "494D369258EDCF31E2C7387676295FD5", "4A1420139BDCDC9849F6B8324FA29F08", "C94855F0CAD1268D159D039A0924D961", "C9DDB54C93385727F9EE59EE06BB452E", "DFB37E36E296230C0FE567008621CB5B", "F9DBDDAAE450FB80768A9F89D06A7197"]}, {"type": "amazon", "idList": ["ALAS-2020-1436", "ALAS-2021-1499", "ALAS-2021-1512", "ALAS-2021-1551", "ALAS-2021-1556", "ALAS-2022-1583", "ALAS-2022-1635", "ALAS2-2020-1494", "ALAS2-2021-1657", "ALAS2-2022-1776", "ALAS2-2022-1811", "ALAS2-2022-1830", "ALAS2-2022-1846", "ALAS2-2022-1847", "ALAS2-2022-1858", "ALAS2-2022-1859", "ALAS2-2022-1860", "ALAS2-2022-1861", "ALAS2-2022-1862", "ALAS2-2022-1863", "ALAS2-2022-1864", "ALAS2-2022-1865"]}, {"type": "archlinux", "idList": ["ASA-202003-4", "ASA-202105-17", "ASA-202106-29"]}, {"type": "attackerkb", "idList": ["AKB:25AFF8B2-5B01-4BEA-98F9-B81F4D22B8D6", "AKB:3C42D63D-858B-4BE3-8C0E-3423577B453B", "AKB:C6953E35-2936-4A2E-B35B-226A4E42D556"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1443", "CPAI-2020-1032"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:437FDB6925E638FB80EAEE4E5CB1B5AC", "CFOUNDRY:DB19110DAE18C4BA41C1BD8688F693E2", "CFOUNDRY:EA67693B685CCB29E0632BADD4CBDC89"]}, {"type": "cnvd", "idList": ["CNVD-2022-10723", "CNVD-2022-77485"]}, {"type": "coalfire", "idList": ["COALFIRE:D93AAC6D87124CC1032AC4DDE0C8780E"]}, {"type": "cve", "idList": ["CVE-2017-1002101", "CVE-2017-18367", "CVE-2018-1002105", "CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2018-20699", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11252", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-11840", "CVE-2019-11841", "CVE-2019-16884", "CVE-2020-10752", "CVE-2020-14040", "CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29652", "CVE-2020-36067", "CVE-2020-7919", "CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8554", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559", "CVE-2020-8562", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-9283", "CVE-2021-20206", "CVE-2021-25735", "CVE-2021-25737", "CVE-2021-25741", "CVE-2021-27918", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-3538", "CVE-2021-3703", "CVE-2021-41190", "CVE-2021-42248", "CVE-2021-42836", "CVE-2021-43565", "CVE-2021-43784", "CVE-2021-44716", "CVE-2021-44907", "CVE-2022-27191"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1840-1:11578", "DEBIAN:DLA-1920-1:B0E25", "DEBIAN:DLA-2320-1:E8D1B", "DEBIAN:DLA-2402-1:C1E9C", "DEBIAN:DLA-2442-1:D22D5", "DEBIAN:DLA-2453-1:06602", "DEBIAN:DLA-2454-1:AF3C6", "DEBIAN:DLA-2455-1:AB97D", "DEBIAN:DLA-2520-1:EDD6A", "DEBIAN:DLA-2527-1:25D2D", "DEBIAN:DLA-2841-1:64209", "DEBIAN:DLA-2891-1:8649E", "DEBIAN:DLA-2892-1:1F462", "DEBIAN:DLA-3322-1:FC56F", "DEBIAN:DSA-4848-1:D81AC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-1002101", "DEBIANCVE:CVE-2017-18367", "DEBIANCVE:CVE-2018-1002105", "DEBIANCVE:CVE-2018-1098", "DEBIANCVE:CVE-2018-1099", "DEBIANCVE:CVE-2018-16886", "DEBIANCVE:CVE-2018-17142", "DEBIANCVE:CVE-2018-17143", "DEBIANCVE:CVE-2018-17846", "DEBIANCVE:CVE-2018-17847", "DEBIANCVE:CVE-2018-17848", "DEBIANCVE:CVE-2018-20699", "DEBIANCVE:CVE-2019-1002101", "DEBIANCVE:CVE-2019-11246", "DEBIANCVE:CVE-2019-11247", "DEBIANCVE:CVE-2019-11249", "DEBIANCVE:CVE-2019-11250", "DEBIANCVE:CVE-2019-11251", "DEBIANCVE:CVE-2019-11252", "DEBIANCVE:CVE-2019-11253", "DEBIANCVE:CVE-2019-11254", "DEBIANCVE:CVE-2019-11840", "DEBIANCVE:CVE-2019-11841", "DEBIANCVE:CVE-2019-16884", "DEBIANCVE:CVE-2020-14040", "DEBIANCVE:CVE-2020-15106", "DEBIANCVE:CVE-2020-15112", "DEBIANCVE:CVE-2020-15113", "DEBIANCVE:CVE-2020-26160", "DEBIANCVE:CVE-2020-27813", "DEBIANCVE:CVE-2020-28851", "DEBIANCVE:CVE-2020-28852", "DEBIANCVE:CVE-2020-29652", "DEBIANCVE:CVE-2020-36067", "DEBIANCVE:CVE-2020-7919", "DEBIANCVE:CVE-2020-8551", "DEBIANCVE:CVE-2020-8552", "DEBIANCVE:CVE-2020-8554", "DEBIANCVE:CVE-2020-8555", "DEBIANCVE:CVE-2020-8557", "DEBIANCVE:CVE-2020-8559", "DEBIANCVE:CVE-2020-8562", "DEBIANCVE:CVE-2020-8564", "DEBIANCVE:CVE-2020-8565", "DEBIANCVE:CVE-2020-9283", "DEBIANCVE:CVE-2021-20206", "DEBIANCVE:CVE-2021-25735", "DEBIANCVE:CVE-2021-25736", "DEBIANCVE:CVE-2021-25737", "DEBIANCVE:CVE-2021-25741", "DEBIANCVE:CVE-2021-27918", "DEBIANCVE:CVE-2021-30465", "DEBIANCVE:CVE-2021-3121", "DEBIANCVE:CVE-2021-31525", "DEBIANCVE:CVE-2021-33194", "DEBIANCVE:CVE-2021-3538", "DEBIANCVE:CVE-2021-42248", "DEBIANCVE:CVE-2021-42836", "DEBIANCVE:CVE-2021-43565", "DEBIANCVE:CVE-2021-43784", "DEBIANCVE:CVE-2021-44716", "DEBIANCVE:CVE-2022-27191"]}, {"type": "exploitdb", "idList": ["EDB-ID:46052", "EDB-ID:46053", "EDB-ID:48121"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:506564B8B921FABB6887F0B08F3361D8", "EXPLOITPACK:BBAC75CC4F436EA7C87BF4A93573E140", "EXPLOITPACK:EA786C17710A442C23153DFE02E06789"]}, {"type": "f5", "idList": ["F5:K33820305", "F5:K55518036"]}, {"type": "fedora", "idList": ["FEDORA:0031930683FA", "FEDORA:0036B307251B", "FEDORA:0049730680FF", "FEDORA:0095F30BF557", "FEDORA:00E3C30BF6B2", "FEDORA:0113E30687AB", "FEDORA:01A1130BF696", "FEDORA:01E1130CBD67", "FEDORA:025C230BF689", "FEDORA:0286A30CC2E2", "FEDORA:02B93304938D", "FEDORA:02E9C3099AF7", "FEDORA:03233304C3D1", "FEDORA:0365E30680FF", "FEDORA:038CF304C819", "FEDORA:03B0F3072535", "FEDORA:0456260427FD", "FEDORA:0464A30683FA", "FEDORA:057DA30ACC3C", "FEDORA:066AE30683FA", "FEDORA:0701230BF696", "FEDORA:077C53057960", "FEDORA:07B5E304C819", "FEDORA:07D9E30BF566", "FEDORA:07FDE30BF685", "FEDORA:08C493072535", "FEDORA:094A3304C3D1", "FEDORA:09D5030CBB02", "FEDORA:09F17304C3D1", "FEDORA:0A0E330BF57F", "FEDORA:0A9C130687AB", "FEDORA:0A9C530BF544", "FEDORA:0AA9E304C5FE", "FEDORA:0B0A3304C3D1", "FEDORA:0B14530683FA", "FEDORA:0B1F632FE8A5", "FEDORA:0B727304C3D1", "FEDORA:0B9623020AB5", "FEDORA:0BC9F3020AB5", "FEDORA:0BE2330BF685", "FEDORA:0BFBC30BF557", "FEDORA:0C24830CBD4C", "FEDORA:0CA2730687AB", "FEDORA:0D2963072EAA", "FEDORA:0DA11307253A", "FEDORA:0DD59304938D", "FEDORA:0E04730BF54A", "FEDORA:0E68B30683FA", "FEDORA:0E70530683FA", "FEDORA:0EB7C30BF689", "FEDORA:0ED503099AF7", "FEDORA:0EF3630680FF", "FEDORA:0EFD530BF689", "FEDORA:0F43830CCF46", "FEDORA:0F69B30CCAAC", "FEDORA:0F78C304C819", "FEDORA:0F9ED304938D", "FEDORA:0FA3130A5965", "FEDORA:0FFD13072534", "FEDORA:1018230A5965", "FEDORA:1082D30CCAAC", "FEDORA:10C9C304938D", "FEDORA:1255530BF54A", "FEDORA:126F1310A4B3", "FEDORA:131F230BF557", "FEDORA:14008304938D", "FEDORA:1413430BF57F", "FEDORA:142DF30B00AD", "FEDORA:14356304C3D1", "FEDORA:14A363058522", "FEDORA:14DC630BF557", "FEDORA:15000304C5FE", "FEDORA:150DF30BC732", "FEDORA:153B930CC2E9", "FEDORA:175AB30D4C0F", "FEDORA:1762E3099AF7", "FEDORA:17DD064638FB", "FEDORA:17FB53020AB5", "FEDORA:188FF30BF57F", "FEDORA:1930C304C5FE", "FEDORA:19609304C5FE", "FEDORA:1962330D4C0F", "FEDORA:1A323310044E", "FEDORA:1A69030680FF", "FEDORA:1A75B3072512", "FEDORA:1A9AA3072536", "FEDORA:1AFE830CB291", "FEDORA:1B34430687AB", "FEDORA:1B90A304C819", "FEDORA:1BA3D304938D", "FEDORA:1BA903099EF0", "FEDORA:1BF5960DA5CE", "FEDORA:1C3EA3099AFF", "FEDORA:1C6A8304C819", "FEDORA:1C84C304C3D1", "FEDORA:1D03330BF68E", "FEDORA:1D03C30BF557", "FEDORA:1D6AA304C819", "FEDORA:1DF6730BF696", "FEDORA:1E1B530BF557", "FEDORA:1E5DF60CC4A6", "FEDORA:1E77E30BF8C1", "FEDORA:1E94A30BF568", "FEDORA:1E9BC304C3D1", "FEDORA:1EB9730BF696", "FEDORA:1EC0F60C8AD5", "FEDORA:1EFCA30683FA", "FEDORA:1F82E30BF544", "FEDORA:1F83730C3DF7", "FEDORA:1FD283052DF1", "FEDORA:203B230CBD4C", "FEDORA:20551304C5FE", "FEDORA:2145730A5965", "FEDORA:2185E3072536", "FEDORA:226A330680FF", "FEDORA:22B89304938D", "FEDORA:22FEA304C819", "FEDORA:239DD30CC0E6", "FEDORA:23B4B60D1C89", "FEDORA:2411730BF6B4", "FEDORA:242003072512", "FEDORA:244A330680FF", "FEDORA:2465430BF568", "FEDORA:24E03304C5FE", "FEDORA:24E37304C3D1", "FEDORA:24FF23099AF7", "FEDORA:251063099AFF", "FEDORA:256CA30CCCA1", "FEDORA:256F130CCF4B", "FEDORA:258833099D1B", "FEDORA:25B4F30BF557", "FEDORA:25D73304938D", "FEDORA:25EEA30B4272", "FEDORA:26412307250A", "FEDORA:264B930A5965", "FEDORA:2660730BF566", "FEDORA:2672A30584F9", "FEDORA:267AF304C819", "FEDORA:26F2130CCCBD", "FEDORA:272813047E25", "FEDORA:2734530687AB", "FEDORA:273B03046B35", "FEDORA:274EE30683FA", "FEDORA:2768230CCAAC", "FEDORA:27D81304938D", "FEDORA:281E73099D19", "FEDORA:28FE430CB116", "FEDORA:2950F30BF57F", "FEDORA:29DC130BF54A", "FEDORA:2A14E30A5965", "FEDORA:2A31B30CCF40", "FEDORA:2A7A530BF689", "FEDORA:2A9CE304C3D1", "FEDORA:2B7E830CBD4C", "FEDORA:2C24930BF6BB", "FEDORA:2C57A304C819", "FEDORA:2CA0F304C819", "FEDORA:2CF81304C819", "FEDORA:2D2C43104B07", "FEDORA:2E1EF304C3D1", "FEDORA:2E3DD30BF57F", "FEDORA:2F5243106618", "FEDORA:2FB5430BF566", "FEDORA:301FF30BF685", "FEDORA:30DEE3020AB5", "FEDORA:30F6430BF694", "FEDORA:30FB8307251B", "FEDORA:3101F3100457", "FEDORA:3105130680FF", "FEDORA:3196530CBB02", "FEDORA:321AE304C819", "FEDORA:321B7307250A", "FEDORA:3271630A5965", "FEDORA:327F930683FA", "FEDORA:32DDB30BF8EF", "FEDORA:32DF93065945", "FEDORA:3334830BF690", "FEDORA:333FF30A5965", "FEDORA:33937304C819", "FEDORA:339963099AFF", "FEDORA:33A2A3047E25", "FEDORA:34ABD304E613", "FEDORA:34E3A30B00AD", "FEDORA:3513B304C5FE", "FEDORA:3550F30680FF", "FEDORA:35871304938D", "FEDORA:364FF304C819", "FEDORA:36B3730CBB02", "FEDORA:36E04304C5FE", "FEDORA:375BA30BF8CF", "FEDORA:375D93020AB5", "FEDORA:37FCB60E9B0C", "FEDORA:382AE3047E25", "FEDORA:38F783045B40", "FEDORA:391F030BF544", "FEDORA:3980C30A5965", "FEDORA:39F8F306B9A0", "FEDORA:3A0C930CBD4C", "FEDORA:3A2D6304938D", "FEDORA:3A48D304C819", "FEDORA:3AD54304C3D1", "FEDORA:3ADE33020AB5", "FEDORA:3AF12307252D", "FEDORA:3B6FA30CCAAC", "FEDORA:3B98230BF544", "FEDORA:3BAFB30CCF47", "FEDORA:3C5A23072512", "FEDORA:3C8A0304C5FE", "FEDORA:3D26D30CCAAC", "FEDORA:3D47D304C819", "FEDORA:3E52A3099D19", "FEDORA:3E5D6304C819", "FEDORA:3E601306B9A0", "FEDORA:3E85630CCCB0", "FEDORA:3EC36304938D", "FEDORA:3ECA930BAE11", "FEDORA:3EED430ACC3C", "FEDORA:3F0163020AB5", "FEDORA:3F18D30683FA", "FEDORA:3F1AD30ACC3C", "FEDORA:3F4F230687AB", "FEDORA:3F733304938D", "FEDORA:3F87430683FA", "FEDORA:3FFC6304C819", "FEDORA:4044C30CB118", "FEDORA:4081630CCF42", "FEDORA:40D35304C819", "FEDORA:4149D30BC732", "FEDORA:4168B30D4C0F", "FEDORA:4179F30BF8C5", "FEDORA:419E830CC2E7", "FEDORA:41BB73134122", "FEDORA:41BE130BF57F", "FEDORA:4318F3104B2B", "FEDORA:4426B304C819", "FEDORA:449BA30BF8C0", "FEDORA:44DFF30B00AD", "FEDORA:44F01304C5FE", "FEDORA:44F56325DDAB", "FEDORA:4534E304C5FE", "FEDORA:4539B310662E", "FEDORA:453D530A5965", "FEDORA:4576E30BF6A0", "FEDORA:45A24310662E", "FEDORA:461F8304938D", "FEDORA:463D5304C5FE", "FEDORA:46F1F307250A", "FEDORA:471F330BF557", "FEDORA:4760B307252D", "FEDORA:4791430BF681", "FEDORA:4794930BF6A3", "FEDORA:47D5F30BF557", "FEDORA:482FF30CC2E2", "FEDORA:4881F30BF689", "FEDORA:48A67307251B", "FEDORA:490003104B07", "FEDORA:494A9304C819", "FEDORA:496453057960", "FEDORA:4A3B8304C3D1", "FEDORA:4A6493099AF7", "FEDORA:4AD2C304C3D1", "FEDORA:4B13E3035611", "FEDORA:4B70130BF54A", "FEDORA:4B7B360DD64F", "FEDORA:4BA6430BF6BB", "FEDORA:4BF71304C3D1", "FEDORA:4D009304C3D1", "FEDORA:4D31430CC0E6", "FEDORA:4D9A8304C819", "FEDORA:4D9D1304938D", "FEDORA:4DA2B30BF6BC", "FEDORA:4E058304938D", "FEDORA:4E0BB30A5965", "FEDORA:4EC8130680FF", "FEDORA:4F3DF30509EA", "FEDORA:4F68930BF574", "FEDORA:50926304938D", "FEDORA:50D3E3099AF7", "FEDORA:50D7430EC834", "FEDORA:50FE2304938D", "FEDORA:516B930CC0DA", "FEDORA:517D430BF694", "FEDORA:51C8B30CCF40", "FEDORA:51CF4307251B", "FEDORA:51F9230B00AD", "FEDORA:525B7304938D", "FEDORA:5284430BF54A", "FEDORA:52A2A30683FA", "FEDORA:52D573072535", "FEDORA:52E333057969", "FEDORA:52EC830680FF", "FEDORA:5318E30BF54A", "FEDORA:5358830CCCA1", "FEDORA:5386B30CCCB0", "FEDORA:53FA330BF691", "FEDORA:5453A30CBB02", "FEDORA:545573099D19", "FEDORA:54F2A30CCAAC", "FEDORA:54FA7304C374", "FEDORA:5503230BF6A3", "FEDORA:5565B304938D", "FEDORA:5597430B00AD", "FEDORA:56DFD304C3D1", "FEDORA:56E5F30BF566", "FEDORA:5712530CCF4A", "FEDORA:571883099D19", "FEDORA:57259304C3D1", "FEDORA:574593099D1B", "FEDORA:575193047E25", "FEDORA:578F330CA03E", "FEDORA:57F4F30ACC3C", "FEDORA:57FAA30CBD4C", "FEDORA:581A8304C819", "FEDORA:58B38304C5FE", "FEDORA:58B81304C5FE", "FEDORA:58C09304C5FE", "FEDORA:58E4330A5965", "FEDORA:58EB530A5965", "FEDORA:5909E304C5FE", "FEDORA:591D3304C557", "FEDORA:595223099AF7", "FEDORA:595843065945", "FEDORA:595C8304938D", "FEDORA:5B045310662F", "FEDORA:5BDF13108D8E", "FEDORA:5BF2E30BF699", "FEDORA:5CC44317B3C1", "FEDORA:5D08B304C5FE", "FEDORA:5D522304C3D1", "FEDORA:5D57430A5965", "FEDORA:5D6473104B07", "FEDORA:5D70A304C819", "FEDORA:5E40530BF8C5", "FEDORA:5E5193072534", "FEDORA:5E6B630CC0DA", "FEDORA:5E6E7304C3D1", "FEDORA:5E763304C819", "FEDORA:5F11D3104B2B", "FEDORA:5F9893072535", "FEDORA:60914304C5FE", "FEDORA:60A1A6076012", "FEDORA:6106B30BF544", "FEDORA:6169E304C5FE", "FEDORA:6197630BF8D7", "FEDORA:6268530BF8C6", "FEDORA:62929304C5FE", "FEDORA:62D7B30BF6AE", "FEDORA:62ECD30BF568", "FEDORA:6304330687AB", "FEDORA:632533020AB5", "FEDORA:6346A307250A", "FEDORA:6359930CC2E2", "FEDORA:6450E30683FA", "FEDORA:648D630BF544", "FEDORA:649D030C5604", "FEDORA:6561B304C3D1", "FEDORA:6581530683FA", "FEDORA:658F030BF6BC", "FEDORA:65B0C304938D", "FEDORA:65E743075471", "FEDORA:6621530680FF", "FEDORA:665F13047E2B", "FEDORA:6682330BF8C1", "FEDORA:679A262AAFAA", "FEDORA:67B0730BF683", "FEDORA:67C9830B00AD", "FEDORA:67E6830CCF46", "FEDORA:680DF30B00AD", "FEDORA:689003072535", "FEDORA:689F630CBD4C", "FEDORA:68C8730BF557", "FEDORA:695A8304C819", "FEDORA:697F330CCCBD", "FEDORA:69F0B30CCAAC", "FEDORA:6A16C30683FA", "FEDORA:6A1843099AFF", "FEDORA:6A2FD30BF557", "FEDORA:6A31A30680FF", "FEDORA:6A4643072536", "FEDORA:6A710304C3D1", "FEDORA:6A7E230BF694", "FEDORA:6B3C630680FF", "FEDORA:6B462304C3D1", "FEDORA:6BC1E30CBD67", "FEDORA:6BC2230BF8C4", "FEDORA:6C41630CCCA1", "FEDORA:6D3F93020AB5", "FEDORA:6DF23304C819", "FEDORA:6DFC530BF54A", "FEDORA:6E22430B00AD", "FEDORA:6E56430CCF4C", "FEDORA:6E6F530BF54A", "FEDORA:6E96730CBB02", "FEDORA:6EF5D304C5FE", "FEDORA:6F30E60754BA", "FEDORA:6F355304C5CD", "FEDORA:6F744304C5FE", "FEDORA:6FFC0304C3D1", "FEDORA:703E130680FF", "FEDORA:7047B306C66B", "FEDORA:7113D304C819", "FEDORA:7185A30BF57F", "FEDORA:7198B3099EDF", "FEDORA:71C29304C3D1", "FEDORA:71D2A3099D1B", "FEDORA:72B9A30683FA", "FEDORA:72C893020AB5", "FEDORA:72FE13106617", "FEDORA:7300D30BF694", "FEDORA:7347130B680C", "FEDORA:73A6A30BF696", "FEDORA:73AE030BF681", "FEDORA:74F503106617", "FEDORA:7540E304938C", "FEDORA:754B630CBD4C", "FEDORA:755AF3072537", "FEDORA:75BF530BF544", "FEDORA:75C0530BF54A", "FEDORA:75C4D30BF556", "FEDORA:75FCC307253A", "FEDORA:764AD30680FF", "FEDORA:77AE2304C5FE", "FEDORA:77C64304C3D1", "FEDORA:78B8130BF57F", "FEDORA:78FD0306B9A0", "FEDORA:79077304938D", "FEDORA:7909A30BF681", "FEDORA:7963330680FF", "FEDORA:7965B30BF6BC", "FEDORA:796E9306B992", "FEDORA:79F4D30CB291", "FEDORA:7A1993072512", "FEDORA:7AD7B30BF557", "FEDORA:7AE5E30BF557", "FEDORA:7B214304C3D1", "FEDORA:7B40630BF699", "FEDORA:7B6A030680FF", "FEDORA:7C23730687AB", "FEDORA:7C6C330BF688", "FEDORA:7CD3B30B00AD", "FEDORA:7D19B304C819", "FEDORA:7D262307250A", "FEDORA:7DCCE30BF6AE", "FEDORA:7DD3E30BF571", "FEDORA:7DE9D30BF6AE", "FEDORA:7E16A304938D", "FEDORA:7E170304C819", "FEDORA:7E17D30683FA", "FEDORA:7E40630CCAAC", "FEDORA:7EA2E3099AF7", "FEDORA:7EDB9304C819", "FEDORA:7F04A30CC0DA", "FEDORA:7F17F307250A", "FEDORA:8014F30CCAAC", "FEDORA:8026430CCCB0", "FEDORA:807CF30A5965", "FEDORA:80F2A3072534", "FEDORA:8165430A5965", "FEDORA:81DA230BF8DB", "FEDORA:820B3304C5FE", "FEDORA:826C630CCAAC", "FEDORA:826DF30CC0DA", "FEDORA:82A1830687AB", "FEDORA:82A4F304C5FE", "FEDORA:82B7330B00AD", "FEDORA:8312630680FF", "FEDORA:8313C304C5FE", "FEDORA:831D13099D19", "FEDORA:8363F30A5965", "FEDORA:8382F304CB81", "FEDORA:83B40304C819", "FEDORA:8457730683FA", "FEDORA:8529E30CC2E7", "FEDORA:853CF30CCF4B", "FEDORA:854A530BF57F", "FEDORA:85C98304C5FE", "FEDORA:864A73099D19", "FEDORA:86D9C304938D", "FEDORA:86E49602F5A7", "FEDORA:8730C3047E25", "FEDORA:8765C3106618", "FEDORA:881FF3046B35", "FEDORA:8882E30B00AD", "FEDORA:8885830A5965", "FEDORA:88FA53106618", "FEDORA:891A4304C3D1", "FEDORA:89A21304C3D1", "FEDORA:89A99304938D", "FEDORA:8A35330BF566", "FEDORA:8AC763106618", "FEDORA:8AF733099AFF", "FEDORA:8B042304938D", "FEDORA:8B768304C3D1", "FEDORA:8BB7130BF685", "FEDORA:8BBAE3099EDF", "FEDORA:8BDD230CC2E7", "FEDORA:8BDE3307253A", "FEDORA:8C00E30A5965", "FEDORA:8C21C3099AF7", "FEDORA:8C784605291B", "FEDORA:8CC673072534", "FEDORA:8D31D30B00AD", "FEDORA:8D9A030BF696", "FEDORA:8E83D304C819", "FEDORA:8FB28306777D", "FEDORA:8FF5A30BF544", "FEDORA:9051B30CBB02", "FEDORA:90D27304C819", "FEDORA:911A4304C3D1", "FEDORA:912DF30BF695", "FEDORA:9160330BF574", "FEDORA:918EF30683FA", "FEDORA:91A3E307251B", "FEDORA:91B9C304C819", "FEDORA:92D4A30BF8D2", "FEDORA:938EF3047E25", "FEDORA:93ED2304E3A1", "FEDORA:94160304C819", "FEDORA:9488530CCF45", "FEDORA:94B1D30BF57F", "FEDORA:951A53093F52", "FEDORA:95DA930680F6", "FEDORA:9609430CBD4C", "FEDORA:963C6304C5FE", "FEDORA:964B530BF568", "FEDORA:9669B30CCCBD", "FEDORA:9681430683FA", "FEDORA:9689930CCCBD", "FEDORA:9693D304C5FE", "FEDORA:9704E30680FF", "FEDORA:970F230BF699", "FEDORA:9716E304C5FE", "FEDORA:971BC602F0E3", "FEDORA:972773072537", "FEDORA:973BF30BF68E", "FEDORA:983483020AB5", "FEDORA:98438304938D", "FEDORA:98FDB30CC2E2", "FEDORA:993EF606D491", "FEDORA:9986830BF568", "FEDORA:99B2F30683FA", "FEDORA:9A6B63047E25", "FEDORA:9ABCB30ACC3C", "FEDORA:9AC55304C3D1", "FEDORA:9B1CD30BF8DC", "FEDORA:9B65E30BF681", "FEDORA:9B7BC30CC2E9", "FEDORA:9B928304C3D1", "FEDORA:9BA6230CCF4F", "FEDORA:9BB57304938D", "FEDORA:9BD7D30CAEE8", "FEDORA:9BE4060C9AB7", "FEDORA:9C2C230BF557", "FEDORA:9CBFC3020AB5", "FEDORA:9CEC9304938D", "FEDORA:9D14330BF68E", "FEDORA:9D6483106630", "FEDORA:9DD42304C3D1", "FEDORA:9DD5330BF6AE", "FEDORA:9E70A30BF694", "FEDORA:9EB31304C819", "FEDORA:9EC21304C819", "FEDORA:9EC5B3104B07", "FEDORA:9F6A9304C819", "FEDORA:9FB3730B00AD", "FEDORA:9FE0F304938D", "FEDORA:A02E030A5965", "FEDORA:A0B9A3065945", "FEDORA:A0CF63020AB5", "FEDORA:A13B7304C5FE", "FEDORA:A14AF30680FF", "FEDORA:A196F30BF54A", "FEDORA:A19E03099AFF", "FEDORA:A23B830BF566", "FEDORA:A2594307250A", "FEDORA:A286D30BF54A", "FEDORA:A2CEE30687AB", "FEDORA:A2E8E30A5965", "FEDORA:A34E930CBB02", "FEDORA:A361330C9EAD", "FEDORA:A386830A3E4B", "FEDORA:A406530BF557", "FEDORA:A44963072537", "FEDORA:A4AE130683FA", "FEDORA:A4B9330BF556", "FEDORA:A4FC7304938D", "FEDORA:A52B830BF689", "FEDORA:A5B9A3020AB5", "FEDORA:A61AB30A5965", "FEDORA:A64153099D19", "FEDORA:A658F3099EE5", "FEDORA:A678730CB291", "FEDORA:A7241304C5FE", "FEDORA:A823B30BF566", "FEDORA:A8932307252D", "FEDORA:A8CD930BF57F", "FEDORA:A8D4830BF681", "FEDORA:A9839304C3D1", "FEDORA:A99A630680FF", "FEDORA:A9B2430BF689", "FEDORA:A9B95304C5FE", "FEDORA:AA08030BF689", "FEDORA:AAD6730CCAAC", "FEDORA:AB57A605B47C", "FEDORA:ABB16306B9A0", "FEDORA:ABE7D304C819", "FEDORA:ABEEB304938D", "FEDORA:AC225304C819", "FEDORA:AC2D130BF54A", "FEDORA:AC6EC30CBB02", "FEDORA:AC81530CCAAC", "FEDORA:AC8B030CCF40", "FEDORA:AC9AB30BBFBA", "FEDORA:ACF6830BF68E", "FEDORA:AD61A3058385", "FEDORA:ADDD53072512", "FEDORA:AE4E730680FF", "FEDORA:AE52530680EF", "FEDORA:AE6C030BF566", "FEDORA:AEA0D30A5965", "FEDORA:AEBB7304C3D1", "FEDORA:AEC2F30BF8C2", "FEDORA:AEDE330683FA", "FEDORA:AF09A30CC2E6", "FEDORA:AF0B830687AB", "FEDORA:AF30B304938D", "FEDORA:AF53C30BF6AE", "FEDORA:B0A1730680FF", "FEDORA:B183030CBB02", "FEDORA:B19DD3099AF7", "FEDORA:B1BA330E6E9E", "FEDORA:B1F6E30687AB", "FEDORA:B233730BF6BC", "FEDORA:B2C0930683FA", "FEDORA:B2D8630BF685", "FEDORA:B305630CCF42", "FEDORA:B320F3106632", "FEDORA:B387A3046B35", "FEDORA:B4158304938D", "FEDORA:B417B304C819", "FEDORA:B44343072512", "FEDORA:B53FA30BF54A", "FEDORA:B64A93099AF7", "FEDORA:B651E304C3D1", "FEDORA:B661A30687AB", "FEDORA:B69A5304C5FE", "FEDORA:B6B1430683FA", "FEDORA:B6BC83104B2B", "FEDORA:B6F7430BF6B3", "FEDORA:B821830683FA", "FEDORA:B87DE304C3D1", "FEDORA:B8ABA30D4C0F", "FEDORA:B8B4730BF568", "FEDORA:B8C453072512", "FEDORA:B9157304C819", "FEDORA:B930130B00AD", "FEDORA:B9478304C819", "FEDORA:BA49E30CBD4C", "FEDORA:BA88B30609BB", "FEDORA:BAB3F304938D", "FEDORA:BACD4304C5FE", "FEDORA:BB48C3099D19", "FEDORA:BBFE9307253C", "FEDORA:BC3F430CCF4A", "FEDORA:BCE3430CBD4C", "FEDORA:BCE71304C5FE", "FEDORA:BD23C30BF556", "FEDORA:BD84630BF8C5", "FEDORA:BE15830BF557", "FEDORA:BE6BD304C819", "FEDORA:BE89730BF574", "FEDORA:BF522304CB81", "FEDORA:BF819304C3D1", "FEDORA:BFAF73099AF7", "FEDORA:BFC483099EF0", "FEDORA:C02C03099AFF", "FEDORA:C0304313BD32", "FEDORA:C0F5930CCCB0", "FEDORA:C0FF7307250A", "FEDORA:C1EC2304C3D1", "FEDORA:C1FC9304C5FE", "FEDORA:C21C1304C819", "FEDORA:C282F30CB291", "FEDORA:C2A3A30CCCBD", "FEDORA:C3ABC30CCF41", "FEDORA:C414B304C5FE", "FEDORA:C462F30BF685", "FEDORA:C4B4D304C5FE", "FEDORA:C53B230BF544", "FEDORA:C548030BF696", "FEDORA:C54A830CBD67", "FEDORA:C5B1D3072536", "FEDORA:C6795304C5FE", "FEDORA:C6B60306596E", "FEDORA:C6B72304C5FE", "FEDORA:C6F3E30BF69D", "FEDORA:C6F78304C3D1", "FEDORA:C714830BF694", "FEDORA:C7D5230CC2E2", "FEDORA:C7E5D30680FF", "FEDORA:C7F8B30BF681", "FEDORA:C81FE30BF54A", "FEDORA:C8D4630BF681", "FEDORA:C935C30A5965", "FEDORA:C93673104B2B", "FEDORA:CA1D3304C5FE", "FEDORA:CA2C730BF557", "FEDORA:CA4AF30680FF", "FEDORA:CAED4307251B", "FEDORA:CB8BA30B00AD", "FEDORA:CB98F3099AF7", "FEDORA:CBFF8304C5FE", "FEDORA:CC46D30680FF", "FEDORA:CC4CA30BF557", "FEDORA:CC65A30687AB", "FEDORA:CC80A30BF689", "FEDORA:CC80D30BF696", "FEDORA:CC84130BF688", "FEDORA:CCF4A3020AB5", "FEDORA:CD22030680FF", "FEDORA:CD2C830BF696", "FEDORA:CE4AA304C819", "FEDORA:CE73730683FA", "FEDORA:CEA00304C819", "FEDORA:CEB833106618", "FEDORA:CEEF730680FF", "FEDORA:CEF0A307252D", "FEDORA:CF25A304C3D1", "FEDORA:CFBB930B00AD", "FEDORA:CFFC03099AFF", "FEDORA:D00BF30BF689", "FEDORA:D051B30680FF", "FEDORA:D0736603EB7F", "FEDORA:D094C30CC2E2", "FEDORA:D0EFE30BF566", "FEDORA:D103A304C5FE", "FEDORA:D1141304938D", "FEDORA:D11A930A4A19", "FEDORA:D1595304938D", "FEDORA:D181F30CCAAC", "FEDORA:D28ED305E2C3", "FEDORA:D2E7C304C3D1", "FEDORA:D347D30CC0DA", "FEDORA:D3BA5304C3D1", "FEDORA:D4424307252D", "FEDORA:D453230BF8C0", "FEDORA:D49A730BF6A0", "FEDORA:D4F723099EDF", "FEDORA:D5B6730A5965", "FEDORA:D705C30BF544", "FEDORA:D74713072512", "FEDORA:D749B30CCAAC", "FEDORA:D74D9304C5FE", "FEDORA:D755730ACC3C", "FEDORA:D7570304938D", "FEDORA:D7AEA30BF694", "FEDORA:D7B7B30BF54A", "FEDORA:D88D930CCAAC", "FEDORA:D8AAA30BF6AE", "FEDORA:D8E1830BF557", "FEDORA:D8E533099EF2", "FEDORA:D91F43020AB5", "FEDORA:D922F30BF566", "FEDORA:D9A5E30A4CCD", "FEDORA:D9CDA30CC0E6", "FEDORA:DA43030BF689", "FEDORA:DA58E30BF8CB", "FEDORA:DA89030CCAAC", "FEDORA:DB61F304E78E", "FEDORA:DB825304938D", "FEDORA:DBA4530CC0DA", "FEDORA:DBE88304C819", "FEDORA:DC5B0307253A", "FEDORA:DC5D330BF689", "FEDORA:DC71F30AD93F", "FEDORA:DC8CC3099D19", "FEDORA:DC9DD60BC96B", "FEDORA:DCEFD30BF566", "FEDORA:DD98530680FF", "FEDORA:DDFED30D4C0F", "FEDORA:DE7E8304C3D1", "FEDORA:DEE4E304C819", "FEDORA:DEF0E304C3D1", "FEDORA:DF18830683FA", "FEDORA:DF60E30530BE", "FEDORA:E020E304C5FE", "FEDORA:E04D030CBD4C", "FEDORA:E051F30B682E", "FEDORA:E0DFE30BF557", "FEDORA:E10F730A5965", "FEDORA:E1537304938D", "FEDORA:E191C3072534", "FEDORA:E200630687AB", "FEDORA:E26F6304C3D1", "FEDORA:E2F063057960", "FEDORA:E35FE30BF685", "FEDORA:E39F630BF6AE", "FEDORA:E438C304938D", "FEDORA:E4C1E306AB41", "FEDORA:E4FB0304C5FE", "FEDORA:E511730BF556", "FEDORA:E52273104B07", "FEDORA:E5A7E60321B6", "FEDORA:E5B33307250A", "FEDORA:E6212304C819", "FEDORA:E64C230687AB", "FEDORA:E65993099AFF", "FEDORA:E675730AB255", "FEDORA:E691030B00AD", "FEDORA:E69443099AF7", "FEDORA:E6B6B30BF566", "FEDORA:E6BE2304938D", "FEDORA:E6FFA30CC2E9", "FEDORA:E76E4610B02D", "FEDORA:E795130A3465", "FEDORA:E79DE30BF54A", "FEDORA:E807830680FF", "FEDORA:E84586030F6B", "FEDORA:E89C2304938D", "FEDORA:E8CD2304C5FE", "FEDORA:E96D03020AB5", "FEDORA:E9E4330CC0E6", "FEDORA:EA40A30680FF", "FEDORA:EA42C3166C34", "FEDORA:EA47830BF681", "FEDORA:EA61C3047E25", "FEDORA:EB1313072536", "FEDORA:EB5A5304938D", "FEDORA:EBE043099501", "FEDORA:EC08630680FF", "FEDORA:EC23D30683FA", "FEDORA:EC82130BF696", "FEDORA:ECA0030CCF41", "FEDORA:ECA3130BF688", "FEDORA:ECFDF30BF696", "FEDORA:ED61030CCCA1", "FEDORA:ED65F30BF685", "FEDORA:EDBDF307251B", "FEDORA:EE2EF610B02D", "FEDORA:EE41630BF683", "FEDORA:EE7F330CCCBD", "FEDORA:EEB3B30B00AD", "FEDORA:EEC2C304C5FE", "FEDORA:EF6BD3067761", "FEDORA:EFF6B304C819", "FEDORA:F0023304C3D1", "FEDORA:F06503048A39", "FEDORA:F0B8760E189F", "FEDORA:F0C8A30BF685", "FEDORA:F0EFC30CCCB0", "FEDORA:F11323099EE5", "FEDORA:F149334E497A", "FEDORA:F1FE23099D19", "FEDORA:F21EA3108AC3", "FEDORA:F263030CBB02", "FEDORA:F29A23099AF7", "FEDORA:F2BE130CC2E7", "FEDORA:F371730BF54A"]}, {"type": "freebsd", "idList": ["6A0129BF-54AD-11E9-987C-1C39475B9F84", "720505FE-593F-11EC-9BA8-002324B2FBA8", "72709326-81F7-11EB-950A-00155D646401", "7F242313-AEA5-11EB-8151-67F74CF7C704"]}, {"type": "gentoo", "idList": ["GLSA-202003-21", "GLSA-202107-26", "GLSA-202208-02"]}, {"type": "github", "idList": ["GHSA-2WP2-CHMH-R934", "GHSA-34JX-WX69-9X8V", "GHSA-3VM4-22FP-5RFM", "GHSA-3XH2-74W9-5VXM", "GHSA-4R78-HX75-JJJ2", "GHSA-579H-MV94-G4GP", "GHSA-58V3-J75H-XR49", "GHSA-5GJM-FJ42-X983", "GHSA-5RCV-M4M3-HFH7", "GHSA-6QFG-8799-R575", "GHSA-82HX-W2R5-C2WQ", "GHSA-83G2-8M93-V3W7", "GHSA-8C26-WMH5-6G9V", "GHSA-8CFG-VX93-JVXW", "GHSA-8MJG-8C8G-6H85", "GHSA-C3H9-896R-86JM", "GHSA-C3XM-PVG7-GH7R", "GHSA-C9GM-7RFJ-8W5H", "GHSA-CJJC-XP8V-855W", "GHSA-F5F7-6478-QM6P", "GHSA-FCF9-6FV2-FC5V", "GHSA-FFHG-7MH4-33C4", "GHSA-FGV8-VJ5C-2PPQ", "GHSA-G42G-737J-QX6J", "GHSA-GWC9-M7RH-J2WW", "GHSA-H6XX-PMXH-3WGP", "GHSA-H86H-8PPG-MXMH", "GHSA-J9WF-VVM6-4R9W", "GHSA-JMRX-5G74-6V2F", "GHSA-M332-53R6-2W93", "GHSA-M7VP-HQWV-7M5X", "GHSA-MC8V-MGRF-8F4M", "GHSA-MFV7-GQ43-W965", "GHSA-MV93-WVCP-7M7R", "GHSA-P4G4-WGRH-QRG2", "GHSA-P64J-R5F4-PWWX", "GHSA-PMQP-H87C-MR78", "GHSA-PPJ4-34RQ-V8J9", "GHSA-QH36-44JV-C8XJ", "GHSA-QHM4-JXV7-J9PQ", "GHSA-R5C5-PR8J-PFP7", "GHSA-V95C-P5HM-XQ8F", "GHSA-VC3P-29H2-GPCP", "GHSA-W73W-5M7G-F7QC", "GHSA-WF43-55JJ-VWQ8", "GHSA-WXC4-F4M6-WWQV", "GHSA-X6MJ-W4JF-JMGW", "GHSA-XJQR-G762-PXWP"]}, {"type": "githubexploit", "idList": ["05A9BE7D-0317-5F20-87C1-D63BA3A06BE4", "1F2DAACD-2041-5470-9811-7CB540788701", "2747307D-D8C7-5045-A017-AA9E18552C41", "2D5A7CBC-C897-5939-9B0F-BC29E8895D4C", "2E39E9FA-9974-514E-A56C-8D9C0F9FF85D", "4885CEF9-D05F-5F90-87FD-2C29C6ADAC5D", "49F291AB-38E4-506D-A185-70178D091F27", "6FE4C3C0-D500-5202-A7DB-D2A17693D071", "932A36C2-D362-520F-9900-946C72841DD8", "E5C9B17F-EC84-52B1-8901-335B1815C813"]}, {"type": "gitlab", "idList": ["GITLAB-0CB5C5994ADBABBE8EFF8058C50B4B9B", "GITLAB-10401E68DE7A0D5121787819AF94375B", "GITLAB-15B7CC6CF62BD89D3ADE7EC75D295FC9", "GITLAB-19BEDB067277319355C28F1305E05A64", "GITLAB-1C83DA484A70B31552EFFAA31B8A6260", "GITLAB-2200253EB3742FB22E3E05492F773799", "GITLAB-27A40FCBA37CE98A22A6F81B1B92BA00", "GITLAB-289E01AA8F8960652CA99E55352C3341", "GITLAB-290A6F9CD3D0E2E2D6AE29F356196D64", "GITLAB-2DCA7FECB815F3F4549B3CED63CABE48", "GITLAB-36669414BD4116BBD2D9B63554521CA3", "GITLAB-3B57E17E833AA5E25CE63C335713F94A", "GITLAB-3BAECACBA93AF08FEA6013341D65BFF4", "GITLAB-3E83F3DC95B32110DA6BF5FE49546EE0", "GITLAB-41809AE9F94FA523BC55D60265741C57", "GITLAB-41EB740F2C41D48F7D97620AE5EF2530", "GITLAB-5500087BBC45985A3CC96CCEE83115CF", "GITLAB-58EAE0B37B21E42AD4A1FB374D34B609", "GITLAB-5DF5FD99AF807784296876C7C9FBF6A2", "GITLAB-5EFFC804C3FC3D7DEDD64EF00D8C3F18", "GITLAB-60D166E1DE6606735090E64D70B37BFD", "GITLAB-66A1F95D911D761BE993DB111DAA5AF5", "GITLAB-6D31D27FD5A419D1FDF86A6A31B1D7CA", "GITLAB-762FC16C02E54AA329488FFFEE55CDDA", "GITLAB-7F2310664592AF09D1F1A1846CBA7F75", "GITLAB-810ADA37F486B156C48C2FACE0963EC3", "GITLAB-8430650BBD839B53E88B3F57D2EB5758", "GITLAB-84DF4E24F1110DBD616C55E5461D4DFD", "GITLAB-8500452D85BF09E08651B68E853E15EF", "GITLAB-858C0C2CB55205D95D36F2279B073965", "GITLAB-87C18190567EA683C477E20B56DC4A21", "GITLAB-8D7BA3B78283EE462A6A4B0CFD175A97", "GITLAB-8DE58C08538CD584B52C2EA29D8BB2D3", "GITLAB-919DA0C7A50094962DC72151B0CEFEA1", "GITLAB-9202EF868E573DAAD24E2AF5414C9E6B", "GITLAB-9C116BE2659A9C5338E91D0CAED1E322", "GITLAB-A976489A26DCC990E0713A4177B01A3B", "GITLAB-AB3069BECA4E13D9BD56539338E1E4FD", "GITLAB-AE2D23095470B73558795A81776A9FCD", "GITLAB-B930A44C9936C9B8051F37A4BF6A98CF", "GITLAB-CAAE82416333FEA782808998E60B6F7B", "GITLAB-CC8597507FDE90283CBAB6C8ABA02F9B", "GITLAB-D10D159931C4E53BA659DC588B17C4B8", "GITLAB-D49037C694FA3DDA7462DCBA23117A35", "GITLAB-D899879055E0CEE1264C3999920643D5", "GITLAB-D8D18D21BB65D4CEA109656D67938609", "GITLAB-DBF2E6B4943278B026CF5ED2E5146E97", "GITLAB-E1D4710E2B05EB8D583F4EBD1405CD04", "GITLAB-E2987E3B5286BA5C285C144B75168FAE", "GITLAB-E47003773F70A270EC54682DF9E5D229", "GITLAB-E57D8E3E01DBCCC03DE63F70574EFB76", "GITLAB-E777D060DA577190D141BA5B7F5EC16A", "GITLAB-EB858D797BA0D79A1C9E57BDA82C8930", "GITLAB-ED53129A9A67ABC3BAF9304FE05B9A92", "GITLAB-F0100320E4A944927271D944E511880D", "GITLAB-F1EB915BDF0E1D2E76026B2823906D1D", "GITLAB-F87F78376FBF3CE972F07B249EED8845"]}, {"type": "hackerone", "idList": ["H1:1145044", "H1:1294043", "H1:764986", "H1:774896", "H1:776017", "H1:863979", "H1:867699", "H1:952771"]}, {"type": "ibm", "idList": ["0AD025BF3AE3D08B1A4F474D2A0C2CEA08DB4E0B31A299CC87A32EFE83C51190", "0B53E3200D5A713133384D9D4BDCA43744971BD77A6671BF60F2E13078EEFEB2", "0BC93E77320B8F4F56F1603410A45D8342375F10AFFD31D582D693509969DD5A", "0BCEE1FD3E66D25B9F431CF00BA209628412770C942427868DEC0CA89DC6E028", "0D2BAAB0E42FF93BECEF13F372FB4FEDCF4FAD0B245DA53771AD3FF6C58E668E", "0F41CF9A71D87B7D7E59A699214770CD141475B16AE3D512020C6BE6E9637BC2", "0FF78AF1C487DE3B1A92548681C12BB71F6CB2B0B453E94F828CDEF3248FE0FD", "1235191EB33863C1E482EB2FBE8EE07837715EFC366FA3ACAF8DD7BA16B54E47", "147EB4D07985CB7587528D1FBFB02A47595F2094BB3705844F8CDEA4FBC9E359", "1576790F73AD05A6FB7E4499E4C91254E80D21997E690D869FD714331AE8222C", "1673E3910F6B4F071ED43032284242D8A81F79464E34B6AEC260CA221F5AC9C6", "182ABCECEC608BADE96BCE85E39885F9C426570CF16077D455A1277D9CC3649A", "1914476FD091A15E96610F7BF31547167EE2615FDE4E5D3885C1359FD96241AA", "19D52A8FF35F7ED39A8E12A67475724D85072FACAB5E51B0C6DA31F67A07D139", "1B086DC97C90E0AC70793D2174FE88271D65351E3C6955FB974DACDEE4BC1951", "1BC083EA4858E87682C2DCC388853D4448B262347029C3CAC17ED3DD53B87E2B", "1BD589A2EFA871129365AA28211FAACF45DF2612E504EA283F22F4A22491789B", "1CD5E6950C73DF747AE9D4BED1F86BAF234259110F5A8244F17B6CDCCAD032A3", "1D122E5717E6BDDA2976836FBA5EB572CDBD9A9C5B48AF895D30982993B5723D", "1D375703477B8434B33880D4C2BC54C4F52207A530C550AD113F53DC33F805E9", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "2096B373EABD2AFD96F3A45A3CF3C96927564E48D8BC00ABA35CCA6253B6D973", "2109EE38CC99E12F1008F0089F99297042E319B9C664BA1539651C0E4D69336F", "25F4EF01BF6E7BCCF214F4B93E40309E5EC3B67C46758623AC344F3D3341C33A", "26114C0AF74E32B7BA2D53697F37D4AB48ABD6EEB0F5600986CF8CF8C9BD2C4E", "276BB0A468267C8E6E9BD00DDB3FD61DF55A28C63216A35278C37E4D5A50F515", "277816ECF65BDD7ABEFFBB92794961F948DCE3AD4AC5AB39251FD27F47EC1D1B", "286E0BB68EF41C1A09A86D748D63E06B3B1C610591E7391DE1B99AB5E72225F8", "2ACAF7EF965645E3B6441E6A8A68E6FE8B309E3EF7A1558180C489C22189FA2F", "2B29E722CD7842746B86A41D74A03ECFD764A2734D5BE6FAAE9F2F3E29DF2040", "2B92C36DF570DFCF122A332D3B088AA29C2D5337205B90FE12EF9BEC6ED40D72", "2CBBC01EA20F67490CBAC1FBC54F752062CF74FF574C30707039FE42DBFD1C37", "2E0D3D0CF86F6C48B680F76C93BAE1886AC182B679AAB019C0AA49D79D2D84BA", "2FC3793C2B87F698814CA49B784BE0A8758E1AA3556B43FCFA74F2776E8348B2", "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "31D7B3EE9264C186C54DB5743E6C0D41570355A1644DF5C7B2F848369C0D7EDB", "33A27D0AEEF8AACDAAF944915958F47DC11CB3D5A75E10B5DD25A353BD472C7D", "34554239639E7BE30D7E2FF3E60FCF35C97429B34CA07D7E3B7EDA735A843CF5", "35CAC5896337E626E05E1CD02F2076F56C9DB49D964D1F9CBB92AD13760F199B", "398A0C56F979E169840E4C9577D2A00E4B139E7F88352DB185A974B4EFD2FCB7", "3A33CCD37E2DF7AF8B1E779E1063AD836CF34767294A40ED8497CBF108D2F679", "3A52F98FB2A9FDFA9AC5F1CB4088CEE8B6BAE80A799FC6C32019FA065A36D302", "3B0D8ACB4B5B2255EF9DEA45EAD9EA39000AEC094741C7FC25293C12152020E1", "3BB2DE866A11FAD4771919913C5F3DD9328DBA21AD505E9306555868A431908C", "3D7E22EE099BD344BA3805E09C3D8DC042FA6C7098C653EA2911D6C2DDBD485E", "3E017C3488632A21DCAE48AEA6F02FF3ECED62DE7C7827320782F812E329510A", "3E338EF2598C5A38851B4007BB667B0E1ECB48A936620A50CEF266D6BF1A4978", "3E950DFDA54BFA2F2126F2DFE82A568BADDF992E65D89C010B885AF24E881815", "3F638ACF3062BBAD408A6AB90AB722B2B647D1C82052603A0DF945EFCF2A52C8", "3FF772AA30D91592B94F6E275C504EBDE9E11D165317B50E5C7F2CA30B74F1E7", "40AB54AD406F2338CEDC99E69986ECDC190917A9D711E806EACC78563FDDE00D", "422E49C6FF275EE46A97F74B0B5F21D1F18DB4A09578B07DBD2F195E22B01ABB", "471D5FBA5ED6776FD4595A46D67E70EAEBE018121480731983348BBF4525DEE3", "482BC7D3851ADE9C874DBCE3E8E5A2A4EB1E5CA3199D458EF27B5944F169839B", "4E2C91D443B2D002C9237F719179663FBF30DE221B227E2997586AC4E37E0210", "4FE893A758F84CB4AAA0D7C44655843FD48280EB3CE8CD3A274C6F02F82EF404", "53F32964A2275244A5F7A1D6BE61A50BA12236B3F5CF9F259D3080CEA722858F", "549E7C0F847035771C3248CFF939686D82680412D47CFB4143AD25D71DC7EAB2", "56A78D4F1D7952AD8DD9B2D2FC4689C94FD82AA81A162A802A0DC498BB24B827", "57C02AAF01F42960456E935B7C8B92A296922818C1DD546F982669DAAA838B7C", "5AB78A431B4AE4E03B1DE85F5B614AA79A9A48C4976977DA7F1E07BA0ACE69A6", "5ADDCDCCBCAA61DA8CF5B02CB5B449E5A5F2BFFE2D509DF07ECBF25E4F3493E4", "5BE52962678849208DBB78075A36D8D5B485DEC707628BB3A9D37D4AA01BC678", "5CF5E501F33F27E00550D56AF2E8B4DD49ABBF9F37122E58BF4BBEBB4CE88ECC", "61142424CDD70878D989E6861AED4B94622D1FCCFD2C3B9C395400F055A7D36E", "6220CD7BD2B23845C5AFCB2371146CD267828A053B383FBEEF5D46FD47EDF1FA", "689E3015787595D64C910772E4B780065F2D1224B5672102F4B7600825B3EC77", "6BA70D78F086D07D5D04D35657C565B766597C9DE86C3B8D586D271713B4D89A", "6C6D4AD9677EC57657183241839761F8B14EA276C6AC7C4C5FC714F1E68FE7D1", "6CB09385A2E33618DEC17C042CDD4DC83892D66D365805086A962312D4B91A8D", "6EB07DD70BEA73F0C7E332D2302423FA026054A61EAEA3F9D1DF395742821CDD", "6EC4C5B30A74A65754CA7BC4A06D6762B0B89038AEF0C35E3EEE57844C98F384", "708DD58EF924C4F270FA025CCC7BBD11638641CC2DAB823AC8AB31F0E3103B99", "72323A87B15F078C393C08C2C6CBC69CF69DA2EEF2BE247F76E5827524377951", "731A6DDD5325438B0FCA3D1B2CA7C8881C1A425221911E3EF5FB3283E134B7EA", "763791E38337C34F22A68908FC979AE5D45166BCB47EFE4337C2CCC15D583CC6", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "7823701436D3C805F1BC4A90974E18B7F8837573081BA01C4A1AE1FABCFE9888", "7A2AB93E7F0DDAB709E04C2A3083F01A78EB3403F2956781D7C650C866D62D59", "7A89BB55E5B049E80A4EDE8650050366D20EC49B897A44F7858ECD4C51F1A2F8", "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "7B359356CD081C300B6ED54BB2BAD9F9EC8844DB36B849EAB8AF90AC4CDD5E55", "7B459927A24ED35F510CAB0005F98F8E144BB239430528EB8EC77F3D0EB1372D", "7EFA8759BCB67152DFF685CC5F49F4CC4107BCB1CB0D5A99E4341CAC1F608251", "7FCE3E3E222CDCA1789998F6F071B1ED0A1310F6CA44453B21275AC42EE9B8AF", "80DB9F9F74C5BD520FB1DB96783FB5555E836BF210B90BBE4F53895E6BB36B95", "843852EC2A09304BAF011D50823D2BB7A57BAEE948DB98CAB7237978EE291DA6", "84B1E0EF6A74AC43722051F9E05D1DEA8BA7B64FA8D3A4B3CD6DCAFB98689BD2", "85815DDF3FA335D34C78FFDC9F78B8A523BA1A5831E31B17BE474151000B2907", "883B66BBC428EF9C3DF145A5C127B4BFC99B6BA1FB3CFD362ECC8BFC48D63DED", "89511E569BF29BF797EA6EC67510C77A11A66D9311BD722C3856265463CF3DE7", "8D9B9BFC32E5B5B4609361E90F40FC45223A5EF4732AE30F4ECF847EE1F5FF74", "8E65C53809370747DE4D8E11BF0872BC66C371BCD82B529AFDFF1D152729699C", "90033C8810900B282DA5060D5ECD8546BE618C515401F73AC2D7E6E17DBADA83", "906C8CD7D37A767D6592B0FFD75F9768235BA8C20B9D64F4DD33C15A7BB7CFC1", "95AB48F7B221B2C6A6737A41383F4D7B4D0961F1601E22550FDB192B63B948CE", "9639F84E85C1FD3D4C5A89655B415BE95E955B63B48D2B85EF64F81DAC429A11", "982EA862C22E8FF05D2C9905860E544C6D0CEB8C6C9055D8DF479A9F7DEB30F7", "98875FEBA354671308C99C247D5FD7D8B655B6975DD82926C486C4750ED991AD", "9ADF75B47365B276A546C6258E198C5D4136BB408380D7D9D5885BD656029DB5", "9B836FD2A429413FD1FEFBFE2067B9346E4F981BD19FEBF0603FE9C0533BE5F0", "9BAEEBDEE0152EA56DBFA33D387D2BBD1EA32B298DDDAD12585FCBCEA556DC03", "9E37850C8244F335F0CA17B7B306304B03B94EAC82EA065D18650FE6EFCB356C", "A672FAD4D4008E416F01CAC297F94C9CEA100F89F258F6FF67665C7FF6EC35DF", "A74B562A201F87B6DD98C72FFCBAB42E5DCAEC6CE62FE82E7BC4B489D6AF2349", "A96704B928C0B7A605969848960CBEBAB006665FA540D8F648221522BF1679CA", "AAA1E7F7408D13B0908F8A20B8978B0936350FAEE4F29868B5F998116F3084A0", "ACADB7968DA0F2B9A699E4A4F017D7CE853EB3898FF48F8C445659980A8E5015", "ACDBABA4BEBC098DA37120100F01E67DFD9D6040A03A389FA5C51B8B867A3D91", "AD9DBBB5067A53C70E85A28D69FCA6EEF4F2E2085D86265C9CAAB047AC79BE98", "B0EA461380F19EFEA6326C0F5F62699842A0CD9B583F45C2D2C84A1307581CAA", "B13A430866DCA64C67F6C19A04FDDBD8E0F1F18817F983A4A482E59069E86B7E", "B14711FCCE28FBD42E1415D4FA69A18716B176D49881F931260BA9778C11599E", "B1B96E41B191CA64EBAEC4747596FFC1551CE38BB57456DB9813D36ECE6786EF", "B2D23BD1D5A2E171F710BB33D0C5F41A57DF13B2FD8888D8478B0D097E7CD421", "B8931EA27BDD2F0F7419770C5E03F1B77C3A1F8EAE1CF9FDF6DD57BAB1642DFE", "B99FE653A9AE0763E6DFAA942F58E9D4A12C26AAFC9C59A49585A65B29261118", "BA1A0E184888C0EF0CB32C88DB01C0557118D94034B3DF0E37C668638A21EE88", "BB102058DB74C85CF5DE300FF1CF0E7D3CACBD4A94A042FF5AE98444134BCFD4", "BB8FBFB56D8E1976D6BDF686AD8FD1DFCA49CA7607104C1ADB951004E0755FE6", "BC833C23BBEB81DC30F26014A70792A9D0E36E4FB4F6F70D589D1606D3780C58", "BD0CAD884A774A8B47EC45533570B5B84F2EC65526305D5628B233623E99C4AD", "BD28BB4EB475B712F1D7686F12ED30187104837C1AC3DD3D98166156A3A60223", "BE03DEEA0ADE5D59084C33C973A459F3D566CE77D5851C6D52641D5BF004CAA8", "BEA5EE713AB6C06AFEADA582472FE62DD7145AE387D605D4AFE65D032A4C9860", "BF3867BF30EF50C41C8574C13252F7690FC2BDD0B5EEB35DA60429774A1BA6D8", "C00CA1FBAB9202E64462B2BF77F0ED60BC785060E001593CB61BA37AB170F2A4", "C0E9684B49132A5C643F57203917E59234200C263D8D259AF3B82F55DC9250C7", "C29499BD0F2FB4EE074605E30EDF431882196E6707D547E22CE00A51DC37845E", "C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF", "C53E6254F502912E3DC8D9611C5E5F11A2C8641C3A30DEC3263825CAFA718EFB", "C77A3FB1234D5563CB991E1ED9E2E569D99224E36A45CE06B686EAC8DA06B944", "C815D5BA0527F8CF454767B7D16A6B819AF9B998FAC3AFC2A63E79F6A57AD83A", "C83981362F4756AB603658B0E7F0D2604F2E633F824B48EC92F4F2F2D3F5FF94", "CAB2E721824F0D862EF8F8E283F283FA3A82438C3D84276C60869762440E680C", "CACE742F60CCFFDDEBAD27526A0EF5C039135740AD552F5DBCA391CEB33BC04D", "CC983DDE3A6BE17B8850207ED033B202394D0FA5BDE2E6F2277EDFFB373F5611", "CDCC12630F70C23AEA9E4FF8A828C907D3B44C51B436CD1353EA714B6351BA53", "D123779355BC4ABF556BE1CB1C0AC3B3376DE0C5AEACD6468D7153F832BCE791", "D34A8747B4D4B812B2F23F1A3751844734B878F06709BA11BFDE77F840DB7B55", "D3C347A5A7C4AA243B17CFCC5AD0080A2A49CC6A651602DF047BC554082EB3A1", "D59742329AD39D4371AE700C91B22C0E2C04250CABE9EC610C5208050B1A1EDE", "D6303D5529B1E857A3994EC4D24E166980135EA8F90D5FFBEDE55DA7C1C1B872", "D642B106AEF6A0331D5279B5D198C003A15DD599D9D5027FB7E0DDEE76D361BD", "D832368CDD7007A4876A8BE1FE9E6AF978D35F1DE5FB75E96F60393726202E38", "D868AD81C669B9E569A689A02806864451F07762C239A0843D2C0BA8E77CD603", "D910928648A66660B4EF26E5685D05C7C8D269DFFB0ACC4D4B2EDAFF261E4D46", "D99698E4CB08517A2CFD13567CBE8E838E51A81A51E6D50DD9F2B98F4824B592", "DB19CC91E0D3D28009555DCEE83987CCC51377895A3E7C027B724C9D8135F82F", "DCA5BB2EDDEC41A76F73480A15130AFC475844BC760E2F16C0A9E63333F4ECBE", "DEA06F95F7802ECBC95D55E9940E40E3949ADB5BCD96184885840CAC1A76C777", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DFB983A046BDA51570751B63D3E7958952635B04A7122D346F824D918258AC44", "E29176A4C511EDCA01697E7E4D3BC6044E6DCAA2FFEB14F21BBE839363DEFC8B", "E2D3D4668C85D1A85CEDFF69088FE9AFDA835B8AE7E9CBD0A785F0A61FEA6281", "E43687480718D62403FAE624926EF4DCB0A894AFF26C5E9C5F75A8D56B17B6E6", "E44CE2F0F86B1196280412E970030BEB796B7DF73A4580865992E9A728429474", "E4F312AB288C29F25E2C65D2339174FE8C9D60918D7A512EC1EA202EDC637B6D", "E6C3E8A20C2A38509AF9365413B7BCB90C242838A01C16ED3D3D195E054C46F4", "E729E553D7DEE030B1A83DB69F2510017BB5645C970A5BC20855AF904517097A", "E74DCF3005E160FC964375A6D950A25614126F8ED7F149A05686EF42F9A468E0", "E859CE7E5B23AC8D6E62C2CDCCAA3A02B47C985377E910F4A97BF8E00F88B208", "E9A8C23824FEB3CF54C07A25B19E265D1905F763E9CC29B4410E2EC85F28EE49", "ECC51A8C423F5EDA50374654A4E746F6D31797DF6F144FAD256C43D958E0F349", "ED1E746B4A444761DF86B7BD074E2911879CE51C4CFBB278424F2A23E63071FA", "EE3F69DB0756C44AE3B430C37F675C3996793B7254B2E503759E7B1FA35A0053", "EF38988A8ADFAFD600C0AFEBC1A1C334BFCA6536F9015788D929A5A8036B9536", "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "F093A08993AEB53C8D5F6F2FE220825F9FC675CC904F54B3FE037444F61A7876", "F16FD84C4B2F4D34ED0A961E38B09E4BFCE8DADD88227D9261A9F8829EFFFA29", "F19FA467F5833590DFD8E3F6433D57AEDF0F4C528AECE9A1B2B57AC044C6062D", "F2018DF6B5783A154F66D47CF61A02700B33271E5A9BF9B7EA3DF4AD976BD52B", "F3376E9C34CB16D99C8CF8163AC5F36758FB59DA0EDCA6000BD291EB42D4B7C6", "F388E7A0704FC5BFFEDE2E6274B32214289732FAE5D48B13E5D71E96A238204A", "F4562CCE9E2D6492BBBE44DC195812B000F6C5E4EB138BF0EBD5197AC64B28A3", "F4D9C099CDE53210BFE11C56596FB4501413B1B4E122E44A50F865309A7B6503", "F55D4F3C9972036DFFB2F86883199DDA4C73A33359FC45E50D3F6DFB8F503421", "F70D0DF73C87971C237AC16F9CD1006CD70859E26495E6BFCCE2EAFBC3010C82", "F75806AF51F262CD91F3E2017F6775AF7816B8E15289C5596B33856B18979E5B", "FAB379977E912000BDC5630F98FF8F38C5E2A35454F27F969AA5CF0D3B2684B6", "FAC767DA1928A87B9EF7EBB5649EE0D08E9AE2FEA27206A006BA8E327DE9BCC5", "FCF30D7ADA54D4AE43D018AEE7C5A4607A5A17AD991F64ABB89758502D022DD9", "FD26ACB4315E02B8E8132EC3DD0C3DE48709C63BDD7824030F954FFA49E19DAD", "FD5481A8FAEA26370800B3C24D5356F2495D324636876B8458455F763A9A8B1E", "FE4F33A4770F50A9E54A773DABFF605A127BD15AC0E4A99FA9BFE726ABEE17B2", "FEEB22705846872BB83E3BC9FE94522005DBC482F542E59A9C17E7BC4EEDF76A", "FF744F0B04AF94F6505534B8EAB141705EE5FBC6423AF991538AEB022AEC8BD0"]}, {"type": "ics", "idList": ["ICSA-23-047-04"]}, {"type": "kitploit", "idList": ["KITPLOIT:1751489026679880812", "KITPLOIT:216801248370103608", "KITPLOIT:8656177976839178440"]}, {"type": "mageia", "idList": ["MGASA-2019-0076", "MGASA-2020-0050", "MGASA-2020-0173", "MGASA-2021-0369", "MGASA-2021-0412", "MGASA-2021-0531", "MGASA-2021-0553", "MGASA-2021-0587", "MGASA-2022-0006"]}, {"type": "myhack58", "idList": ["MYHACK58:62201892318"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-192.NASL", "AL2022_ALAS2022-2022-193.NASL", "AL2023_ALAS2023-2023-046.NASL", "AL2023_ALAS2023-2023-047.NASL", "AL2023_ALAS2023-2023-048.NASL", "AL2_ALAS-2020-1494.NASL", "AL2_ALAS-2021-1657.NASL", "AL2_ALAS-2022-1776.NASL", "AL2_ALAS-2022-1811.NASL", "AL2_ALAS-2022-1830.NASL", "AL2_ALAS-2022-1846.NASL", "AL2_ALAS-2022-1847.NASL", "AL2_ALAS-2022-1858.NASL", "AL2_ALAS-2022-1859.NASL", "AL2_ALAS-2022-1860.NASL", "AL2_ALAS-2022-1861.NASL", "AL2_ALAS-2022-1862.NASL", "AL2_ALAS-2022-1863.NASL", "AL2_ALAS-2022-1864.NASL", "AL2_ALAS-2022-1865.NASL", "AL2_ALASDOCKER-2022-020.NASL", "ALA_ALAS-2020-1436.NASL", "ALA_ALAS-2021-1499.NASL", "ALA_ALAS-2021-1512.NASL", "ALA_ALAS-2021-1551.NASL", "ALA_ALAS-2022-1583.NASL", "ALA_ALAS-2022-1635.NASL", "ALMA_LINUX_ALSA-2021-5160.NASL", "ALMA_LINUX_ALSA-2022-0001.NASL", "ALMA_LINUX_ALSA-2022-7129.NASL", "ALMA_LINUX_ALSA-2022-7457.NASL", "ALMA_LINUX_ALSA-2022-7469.NASL", "ALMA_LINUX_ALSA-2022-7954.NASL", "ALMA_LINUX_ALSA-2022-8008.NASL", "CENTOS8_RHSA-2019-4269.NASL", "CENTOS8_RHSA-2020-3665.NASL", "CENTOS8_RHSA-2020-4694.NASL", "CENTOS8_RHSA-2021-1796.NASL", "CENTOS8_RHSA-2021-2291.NASL", "CENTOS8_RHSA-2021-2370.NASL", "CENTOS8_RHSA-2021-2371.NASL", "CENTOS8_RHSA-2021-3076.NASL", "CENTOS8_RHSA-2021-5160.NASL", "CENTOS8_RHSA-2022-7457.NASL", "CENTOS8_RHSA-2022-7469.NASL", "COCKROACHDB_A58932.NASL", "DEBIAN_DLA-1840.NASL", "DEBIAN_DLA-1920.NASL", "DEBIAN_DLA-2320.NASL", "DEBIAN_DLA-2402.NASL", "DEBIAN_DLA-2442.NASL", "DEBIAN_DLA-2453.NASL", "DEBIAN_DLA-2454.NASL", "DEBIAN_DLA-2455.NASL", "DEBIAN_DLA-2520.NASL", "DEBIAN_DLA-2527.NASL", "DEBIAN_DLA-2841.NASL", "DEBIAN_DLA-2891.NASL", "DEBIAN_DLA-2892.NASL", "DEBIAN_DLA-3322.NASL", "DEBIAN_DLA-3369.NASL", "DEBIAN_DLA-3395.NASL", "DEBIAN_DLA-3420.NASL", "DEBIAN_DSA-4848.NASL", "EULEROS_SA-2020-1804.NASL", "EULEROS_SA-2021-1980.NASL", "EULEROS_SA-2021-2050.NASL", "EULEROS_SA-2021-2061.NASL", "EULEROS_SA-2021-2217.NASL", "EULEROS_SA-2021-2292.NASL", "EULEROS_SA-2021-2462.NASL", "EULEROS_SA-2021-2497.NASL", "EULEROS_SA-2021-2523.NASL", "EULEROS_SA-2021-2527.NASL", "EULEROS_SA-2021-2547.NASL", "EULEROS_SA-2021-2551.NASL", "EULEROS_SA-2022-1345.NASL", "EULEROS_SA-2022-1428.NASL", "EULEROS_SA-2022-1449.NASL", "EULEROS_SA-2022-1487.NASL", "EULEROS_SA-2022-1506.NASL", "EULEROS_SA-2022-2218.NASL", "EULEROS_SA-2022-2240.NASL", "EULEROS_SA-2022-2253.NASL", "EULEROS_SA-2022-2706.NASL", "EULEROS_SA-2023-1618.NASL", "FEDORA_2018-16C8FDF9B8.NASL", "FEDORA_2018-2BFBD27A0B.NASL", "FEDORA_2018-314913636B.NASL", "FEDORA_2018-9B965C4EED.NASL", "FEDORA_2019-07D447A1D3.NASL", "FEDORA_2019-219B0B0B6A.NASL", "FEDORA_2019-2B8EF08C95.NASL", "FEDORA_2019-3ECFF65275.NASL", "FEDORA_2019-3FC86A518B.NASL", "FEDORA_2019-723711C645.NASL", "FEDORA_2019-833466697F.NASL", "FEDORA_2019-901FEBA171.NASL", "FEDORA_2019-96946C39DD.NASL", "FEDORA_2019-A034423DB8.NASL", "FEDORA_2019-BD4843561C.NASL", "FEDORA_2019-F5B57646B7.NASL", "FEDORA_2020-12BC5B5597.NASL", "FEDORA_2020-A55F130272.NASL", "FEDORA_2020-AEEA04CD13.NASL", "FEDORA_2020-CD43B84C16.NASL", "FEDORA_2021-FB466FB623.NASL", "FREEBSD_PKG_6A0129BF54AD11E9987C1C39475B9F84.NASL", "FREEBSD_PKG_720505FE593F11EC9BA8002324B2FBA8.NASL", "FREEBSD_PKG_7270932681F711EB950A00155D646401.NASL", "FREEBSD_PKG_7F242313AEA511EB815167F74CF7C704.NASL", "GENTOO_GLSA-202003-21.NASL", "GENTOO_GLSA-202107-26.NASL", "GENTOO_GLSA-202208-02.NASL", "KUBERNETES_1_13_5_DIRECTORY_TRAVERSAL.NASL", "KUBERNETES_1_14_2_DIRECTORY_TRAVERSAL.NASL", "KUBERNETES_1_17_3.NASL", "KUBERNETES_1_9_4_MULTIPLE_VULNERABILITIES.NASL", "KUBE_1_12_3.NASL", "KUBE_CVE_2018_1002105.NASL", "NEWSTART_CGSL_NS-SA-2020-0082_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2021-0006_CONTAINERD_IO.NASL", "NEWSTART_CGSL_NS-SA-2021-0138_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0007_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0020_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0033_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0056_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0095_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2023-0014_DOCKER-CE.NASL", "OPENSUSE-2019-2418.NASL", "OPENSUSE-2019-2434.NASL", "OPENSUSE-2020-45.NASL", "OPENSUSE-2020-554.NASL", "OPENSUSE-2021-1404.NASL", "OPENSUSE-2021-1525.NASL", "OPENSUSE-2021-1625.NASL", "OPENSUSE-2021-1626.NASL", "OPENSUSE-2021-1954.NASL", "OPENSUSE-2021-3506.NASL", "OPENSUSE-2021-4169.NASL", "OPENSUSE-2021-4171.NASL", "OPENSUSE-2021-4186.NASL", "OPENSUSE-2021-480.NASL", "OPENSUSE-2021-878.NASL", "OPENSUSE-2021-904.NASL", "OPENSUSE-2022-0040-1.NASL", "OPENSUSE-2022-0334-1.NASL", "OPENSUSE-2022-0526-1.NASL", "OPENSUSE-2022-0770-1.NASL", "OPENSUSE-2022-23018-1.NASL", "OPENSUSE-2023-0018-1.NASL", "ORACLELINUX_ELSA-2018-4061.NASL", "ORACLELINUX_ELSA-2019-4269.NASL", "ORACLELINUX_ELSA-2019-4598.NASL", "ORACLELINUX_ELSA-2020-3665.NASL", "ORACLELINUX_ELSA-2021-14902.NASL", "ORACLELINUX_ELSA-2021-15112.NASL", "ORACLELINUX_ELSA-2021-1796.NASL", "ORACLELINUX_ELSA-2021-2291.NASL", "ORACLELINUX_ELSA-2021-2370.NASL", "ORACLELINUX_ELSA-2021-2371.NASL", "ORACLELINUX_ELSA-2021-3076.NASL", "ORACLELINUX_ELSA-2021-5160.NASL", "ORACLELINUX_ELSA-2021-9028.NASL", "ORACLELINUX_ELSA-2021-9029.NASL", "ORACLELINUX_ELSA-2021-9267.NASL", "ORACLELINUX_ELSA-2021-9268.NASL", "ORACLELINUX_ELSA-2021-9298.NASL", "ORACLELINUX_ELSA-2021-9329.NASL", "ORACLELINUX_ELSA-2021-9526.NASL", "ORACLELINUX_ELSA-2021-9546.NASL", "ORACLELINUX_ELSA-2022-0001.NASL", "ORACLELINUX_ELSA-2022-17956.NASL", "ORACLELINUX_ELSA-2022-7129.NASL", "ORACLELINUX_ELSA-2022-7457.NASL", "ORACLELINUX_ELSA-2022-7469.NASL", "ORACLELINUX_ELSA-2022-7954.NASL", "ORACLELINUX_ELSA-2022-8008.NASL", "PHOTONOS_PHSA-2018-2_0-0112.NASL", "PHOTONOS_PHSA-2018-2_0-0112_KUBERNETES.NASL", "PHOTONOS_PHSA-2019-1_0-0202_KUBERNETES.NASL", "PHOTONOS_PHSA-2019-1_0-0252_KUBERNETES.NASL", "PHOTONOS_PHSA-2019-1_0-0255_KUBERNETES.NASL", "PHOTONOS_PHSA-2019-2_0-0177_KUBERNETES.NASL", "PHOTONOS_PHSA-2019-2_0-0187_ETCD.NASL", "PHOTONOS_PHSA-2019-3_0-0031_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-1_0-0264_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-1_0-0288_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-1_0-0289_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-1_0-0292_DOCKER.NASL", "PHOTONOS_PHSA-2020-1_0-0292_GO.NASL", "PHOTONOS_PHSA-2020-1_0-0313_ETCD.NASL", "PHOTONOS_PHSA-2020-2_0-0229_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-2_0-0238_GO.NASL", "PHOTONOS_PHSA-2020-2_0-0241_DOCKER.NASL", "PHOTONOS_PHSA-2020-2_0-0272_ETCD.NASL", "PHOTONOS_PHSA-2020-2_0-0285_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-3_0-0084_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-3_0-0087_GO.NASL", "PHOTONOS_PHSA-2020-3_0-0088_DOCKER.NASL", "PHOTONOS_PHSA-2020-3_0-0126_ETCD.NASL", "PHOTONOS_PHSA-2020-3_0-0142_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-1_0-0376_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-1_0-0388_RUNC.NASL", "PHOTONOS_PHSA-2021-1_0-0413_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-1_0-0435_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-2_0-0326_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-2_0-0347_RUNC.NASL", "PHOTONOS_PHSA-2021-2_0-0394_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-3_0-0196_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-3_0-0239_RUNC.NASL", "PHOTONOS_PHSA-2021-3_0-0248_GO.NASL", "PHOTONOS_PHSA-2021-3_0-0276_GO.NASL", "PHOTONOS_PHSA-2021-3_0-0303_CONSUL.NASL", "PHOTONOS_PHSA-2021-3_0-0303_KUBERNETES.NASL", "PHOTONOS_PHSA-2021-4_0-0013_GO.NASL", "PHOTONOS_PHSA-2021-4_0-0035_RUNC.NASL", "PHOTONOS_PHSA-2021-4_0-0046_GO.NASL", "PHOTONOS_PHSA-2021-4_0-0105_CONSUL.NASL", "PHOTONOS_PHSA-2021-4_0-0112_KUBERNETES.NASL", "PHOTONOS_PHSA-2022-3_0-0345_RUNC.NASL", "RANCHER_2_1_3.NASL", "REDHAT-RHSA-2018-0475.NASL", "REDHAT-RHSA-2018-2906.NASL", "REDHAT-RHSA-2018-2908.NASL", "REDHAT-RHSA-2018-3537.NASL", "REDHAT-RHSA-2018-3549.NASL", "REDHAT-RHSA-2018-3551.NASL", "REDHAT-RHSA-2018-3598.NASL", "REDHAT-RHSA-2018-3624.NASL", "REDHAT-RHSA-2018-3742.NASL", "REDHAT-RHSA-2018-3752.NASL", "REDHAT-RHSA-2018-3754.NASL", "REDHAT-RHSA-2019-0237.NASL", "REDHAT-RHSA-2019-0487.NASL", "REDHAT-RHSA-2019-1352.NASL", "REDHAT-RHSA-2019-1632.NASL", "REDHAT-RHSA-2019-1633.NASL", "REDHAT-RHSA-2019-1852.NASL", "REDHAT-RHSA-2019-2504.NASL", "REDHAT-RHSA-2019-2690.NASL", "REDHAT-RHSA-2019-2769.NASL", "REDHAT-RHSA-2019-3132.NASL", "REDHAT-RHSA-2019-3239.NASL", "REDHAT-RHSA-2019-3266.NASL", "REDHAT-RHSA-2019-3811.NASL", "REDHAT-RHSA-2019-3905.NASL", "REDHAT-RHSA-2019-3940.NASL", "REDHAT-RHSA-2019-4052.NASL", "REDHAT-RHSA-2019-4074.NASL", "REDHAT-RHSA-2019-4087.NASL", "REDHAT-RHSA-2019-4269.NASL", "REDHAT-RHSA-2020-1234.NASL", "REDHAT-RHSA-2020-1276.NASL", "REDHAT-RHSA-2020-1527.NASL", "REDHAT-RHSA-2020-2413.NASL", "REDHAT-RHSA-2020-2440.NASL", "REDHAT-RHSA-2020-2448.NASL", "REDHAT-RHSA-2020-2479.NASL", "REDHAT-RHSA-2020-2594.NASL", "REDHAT-RHSA-2020-2795.NASL", "REDHAT-RHSA-2020-2796.NASL", "REDHAT-RHSA-2020-2799.NASL", "REDHAT-RHSA-2020-2861.NASL", "REDHAT-RHSA-2020-2863.NASL", "REDHAT-RHSA-2020-2870.NASL", "REDHAT-RHSA-2020-2992.NASL", "REDHAT-RHSA-2020-3369.NASL", "REDHAT-RHSA-2020-3519.NASL", "REDHAT-RHSA-2020-3579.NASL", "REDHAT-RHSA-2020-3665.NASL", "REDHAT-RHSA-2020-3808.NASL", "REDHAT-RHSA-2020-4214.NASL", "REDHAT-RHSA-2020-4297.NASL", "REDHAT-RHSA-2020-4694.NASL", "REDHAT-RHSA-2020-5054.NASL", "REDHAT-RHSA-2020-5055.NASL", "REDHAT-RHSA-2020-5056.NASL", "REDHAT-RHSA-2020-5363.NASL", "REDHAT-RHSA-2020-5634.NASL", "REDHAT-RHSA-2021-0030.NASL", "REDHAT-RHSA-2021-0079.NASL", "REDHAT-RHSA-2021-0172.NASL", "REDHAT-RHSA-2021-0833.NASL", "REDHAT-RHSA-2021-0916.NASL", "REDHAT-RHSA-2021-1006.NASL", "REDHAT-RHSA-2021-1407.NASL", "REDHAT-RHSA-2021-1562.NASL", "REDHAT-RHSA-2021-1566.NASL", "REDHAT-RHSA-2021-1796.NASL", "REDHAT-RHSA-2021-2057.NASL", "REDHAT-RHSA-2021-2144.NASL", "REDHAT-RHSA-2021-2145.NASL", "REDHAT-RHSA-2021-2150.NASL", "REDHAT-RHSA-2021-2291.NASL", "REDHAT-RHSA-2021-2292.NASL", "REDHAT-RHSA-2021-2370.NASL", "REDHAT-RHSA-2021-2371.NASL", "REDHAT-RHSA-2021-2437.NASL", "REDHAT-RHSA-2021-2984.NASL", "REDHAT-RHSA-2021-3076.NASL", "REDHAT-RHSA-2021-3193.NASL", "REDHAT-RHSA-2021-3248.NASL", "REDHAT-RHSA-2021-3487.NASL", "REDHAT-RHSA-2021-3631.NASL", "REDHAT-RHSA-2021-3635.NASL", "REDHAT-RHSA-2021-3642.NASL", "REDHAT-RHSA-2021-3646.NASL", "REDHAT-RHSA-2021-3915.NASL", "REDHAT-RHSA-2021-5072.NASL", "REDHAT-RHSA-2021-5160.NASL", "REDHAT-RHSA-2021-5176.NASL", "REDHAT-RHSA-2022-0001.NASL", "REDHAT-RHSA-2022-0002.NASL", "REDHAT-RHSA-2022-0055.NASL", "REDHAT-RHSA-2022-0237.NASL", "REDHAT-RHSA-2022-0260.NASL", "REDHAT-RHSA-2022-0308.NASL", "REDHAT-RHSA-2022-0557.NASL", "REDHAT-RHSA-2022-0927.NASL", "REDHAT-RHSA-2022-1276.NASL", "REDHAT-RHSA-2022-1628.NASL", "REDHAT-RHSA-2022-5068.NASL", "REDHAT-RHSA-2022-7129.NASL", "REDHAT-RHSA-2022-7457.NASL", "REDHAT-RHSA-2022-7469.NASL", "REDHAT-RHSA-2022-7954.NASL", "REDHAT-RHSA-2022-8008.NASL", "ROCKY_LINUX_RLSA-2021-2291.NASL", "ROCKY_LINUX_RLSA-2021-2370.NASL", "ROCKY_LINUX_RLSA-2021-2371.NASL", "ROCKY_LINUX_RLSA-2022-7457.NASL", "ROCKY_LINUX_RLSA-2022-7469.NASL", "SUSE_SU-2019-2786-1.NASL", "SUSE_SU-2019-2810-1.NASL", "SUSE_SU-2020-0035-1.NASL", "SUSE_SU-2020-3760-1.NASL", "SUSE_SU-2021-0937-1.NASL", "SUSE_SU-2021-0938-1.NASL", "SUSE_SU-2021-1885-1.NASL", "SUSE_SU-2021-1954-1.NASL", "SUSE_SU-2021-2082-1.NASL", "SUSE_SU-2021-2085-1.NASL", "SUSE_SU-2021-3336-1.NASL", "SUSE_SU-2021-3506-1.NASL", "SUSE_SU-2021-4059-1.NASL", "SUSE_SU-2021-4169-1.NASL", "SUSE_SU-2021-4171-1.NASL", "SUSE_SU-2021-4186-1.NASL", "SUSE_SU-2022-0040-1.NASL", "SUSE_SU-2022-0130-1.NASL", "SUSE_SU-2022-0213-1.NASL", "SUSE_SU-2022-0334-1.NASL", "SUSE_SU-2022-0526-1.NASL", "SUSE_SU-2022-0770-1.NASL", "SUSE_SU-2022-1459-1.NASL", "SUSE_SU-2022-1461-1.NASL", "SUSE_SU-2022-1462-1.NASL", "SUSE_SU-2022-1466-1.NASL", "SUSE_SU-2022-1507-1.NASL", "SUSE_SU-2022-1689-1.NASL", "SUSE_SU-2022-1694-1.NASL", "SUSE_SU-2022-1717-1.NASL", "SUSE_SU-2022-23018-1.NASL", "SUSE_SU-2022-2834-1.NASL", "SUSE_SU-2022-2839-1.NASL", "SUSE_SU-2022-3480-1.NASL", "SUSE_SU-2022-3655-1.NASL", "SUSE_SU-2022-3766-1.NASL", "SUSE_SU-2022-4150-1.NASL", "SUSE_SU-2022-4151-1.NASL", "SUSE_SU-2022-4409-1.NASL", "SUSE_SU-2022-4463-1.NASL", "SUSE_SU-2022-4592-1.NASL", "SUSE_SU-2022-4593-1.NASL", "SUSE_SU-2023-0187-1.NASL", "SUSE_SU-2023-0326-1.NASL", "SUSE_SU-2023-2183-1.NASL", "SUSE_SU-2023-2187-1.NASL", "UBUNTU_USN-4297-1.NASL", "UBUNTU_USN-4574-1.NASL", "UBUNTU_USN-4960-1.NASL", "UBUNTU_USN-5628-1.NASL", "UBUNTU_USN-5873-1.NASL", "UBUNTU_USN-6088-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310141874", "OPENVAS:1361412562310142002", "OPENVAS:1361412562310844359", "OPENVAS:1361412562310852758", "OPENVAS:1361412562310852926", "OPENVAS:1361412562310852979", "OPENVAS:1361412562310853127", "OPENVAS:1361412562310874425", "OPENVAS:1361412562310874578", "OPENVAS:1361412562310875434", "OPENVAS:1361412562310875435", "OPENVAS:1361412562310875473", "OPENVAS:1361412562310875517", "OPENVAS:1361412562310875599", "OPENVAS:1361412562310875618", "OPENVAS:1361412562310875930", "OPENVAS:1361412562310876004", "OPENVAS:1361412562310876134", "OPENVAS:1361412562310876238", "OPENVAS:1361412562310876244", "OPENVAS:1361412562310876279", "OPENVAS:1361412562310876521", "OPENVAS:1361412562310876720", "OPENVAS:1361412562310876722", "OPENVAS:1361412562310876915", "OPENVAS:1361412562310876916", "OPENVAS:1361412562310877229", "OPENVAS:1361412562310877447", "OPENVAS:1361412562310877690", "OPENVAS:1361412562310891840", "OPENVAS:1361412562310891920"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4061", "ELSA-2018-4303", "ELSA-2019-4269", "ELSA-2019-4546", "ELSA-2019-4593", "ELSA-2019-4597", "ELSA-2019-4598", "ELSA-2019-4609", "ELSA-2019-4610", "ELSA-2019-4611", "ELSA-2019-4756", "ELSA-2019-4816", "ELSA-2020-0348", "ELSA-2020-1379", "ELSA-2020-3053", "ELSA-2020-3665", "ELSA-2020-4694", "ELSA-2020-5653", "ELSA-2020-5654", "ELSA-2020-5725", "ELSA-2020-5726", "ELSA-2020-5727", "ELSA-2020-5765", "ELSA-2020-5766", "ELSA-2020-5767", "ELSA-2021-14902", "ELSA-2021-15112", "ELSA-2021-1796", "ELSA-2021-2291", "ELSA-2021-2370", "ELSA-2021-2371", "ELSA-2021-3076", "ELSA-2021-5160", "ELSA-2021-9028", "ELSA-2021-9029", "ELSA-2021-9267", "ELSA-2021-9268", "ELSA-2021-9298", "ELSA-2021-9329", "ELSA-2021-9526", "ELSA-2021-9546", "ELSA-2022-0001", "ELSA-2022-7129", "ELSA-2022-7457", "ELSA-2022-7469", "ELSA-2022-7954", "ELSA-2022-8008"]}, {"type": "osv", "idList": ["OSV:DLA-1840-1", "OSV:DLA-1920-1", "OSV:DLA-2320-1", "OSV:DLA-2402-1", "OSV:DLA-2442-1", "OSV:DLA-2453-1", "OSV:DLA-2454-1", "OSV:DLA-2455-1", "OSV:DLA-2520-1", "OSV:DLA-2527-1", "OSV:DLA-2841-1", "OSV:DLA-2891-1", "OSV:DLA-2892-1", "OSV:DLA-3322-1", "OSV:DLA-3369-1", "OSV:DLA-3395-1", "OSV:DLA-3395-2", "OSV:DLA-3420-1", "OSV:DSA-4848-1", "OSV:GHSA-2WP2-CHMH-R934", "OSV:GHSA-33M6-Q9V5-62R7", "OSV:GHSA-34JX-WX69-9X8V", "OSV:GHSA-3VM4-22FP-5RFM", "OSV:GHSA-3XH2-74W9-5VXM", "OSV:GHSA-4R78-HX75-JJJ2", "OSV:GHSA-579H-MV94-G4GP", "OSV:GHSA-58V3-J75H-XR49", "OSV:GHSA-5GJM-FJ42-X983", "OSV:GHSA-5RCV-M4M3-HFH7", "OSV:GHSA-6QFG-8799-R575", "OSV:GHSA-82HX-W2R5-C2WQ", "OSV:GHSA-83G2-8M93-V3W7", "OSV:GHSA-8C26-WMH5-6G9V", "OSV:GHSA-8CFG-VX93-JVXW", "OSV:GHSA-8MJG-8C8G-6H85", "OSV:GHSA-C3H9-896R-86JM", "OSV:GHSA-C3XM-PVG7-GH7R", "OSV:GHSA-C9GM-7RFJ-8W5H", "OSV:GHSA-CJJC-XP8V-855W", "OSV:GHSA-F5F7-6478-QM6P", "OSV:GHSA-FCF9-6FV2-FC5V", "OSV:GHSA-FFHG-7MH4-33C4", "OSV:GHSA-FGV8-VJ5C-2PPQ", "OSV:GHSA-G42G-737J-QX6J", "OSV:GHSA-GWC9-M7RH-J2WW", "OSV:GHSA-H6XX-PMXH-3WGP", "OSV:GHSA-H86H-8PPG-MXMH", "OSV:GHSA-J9WF-VVM6-4R9W", "OSV:GHSA-JMRX-5G74-6V2F", "OSV:GHSA-M332-53R6-2W93", "OSV:GHSA-M7VP-HQWV-7M5X", "OSV:GHSA-MC8V-MGRF-8F4M", "OSV:GHSA-MFV7-GQ43-W965", "OSV:GHSA-MV93-WVCP-7M7R", "OSV:GHSA-P4G4-WGRH-QRG2", "OSV:GHSA-P64J-R5F4-PWWX", "OSV:GHSA-PMQP-H87C-MR78", "OSV:GHSA-PPJ4-34RQ-V8J9", "OSV:GHSA-QH36-44JV-C8XJ", "OSV:GHSA-QHM4-JXV7-J9PQ", "OSV:GHSA-R5C5-PR8J-PFP7", "OSV:GHSA-V95C-P5HM-XQ8F", "OSV:GHSA-VC3P-29H2-GPCP", "OSV:GHSA-W73W-5M7G-F7QC", "OSV:GHSA-WF43-55JJ-VWQ8", "OSV:GHSA-WXC4-F4M6-WWQV", "OSV:GHSA-X6MJ-W4JF-JMGW", "OSV:GHSA-XJQR-G762-PXWP", "OSV:GO-2020-0005", "OSV:GO-2020-0007", "OSV:GO-2020-0012", "OSV:GO-2020-0014", "OSV:GO-2020-0015", "OSV:GO-2020-0017", "OSV:GO-2020-0018", "OSV:GO-2020-0019", "OSV:GO-2020-0036", "OSV:GO-2021-0053", "OSV:GO-2021-0054", "OSV:GO-2021-0064", "OSV:GO-2021-0065", "OSV:GO-2021-0066", "OSV:GO-2021-0077", "OSV:GO-2021-0085", "OSV:GO-2021-0227", "OSV:GO-2021-0234", "OSV:GO-2021-0238", "OSV:GO-2021-0265", "OSV:GO-2021-0356", "OSV:GO-2022-0192", "OSV:GO-2022-0193", "OSV:GO-2022-0197", "OSV:GO-2022-0209", "OSV:GO-2022-0229", "OSV:GO-2022-0230", "OSV:GO-2022-0236", "OSV:GO-2022-0244", "OSV:GO-2022-0274", "OSV:GO-2022-0288", "OSV:GO-2022-0968"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152840", "PACKETSTORM:156480"]}, {"type": "photon", "idList": ["PHSA-2018-2.0-0112", "PHSA-2019-0003", "PHSA-2019-0031", "PHSA-2019-0036", "PHSA-2019-0167", "PHSA-2019-0177", "PHSA-2019-0184", "PHSA-2019-0186", "PHSA-2019-0187", "PHSA-2019-0202", "PHSA-2019-0239", "PHSA-2019-0252", "PHSA-2019-1.0-0202", "PHSA-2019-1.0-0252", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0177", "PHSA-2019-2.0-0187", "PHSA-2019-3.0-0003", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0036", "PHSA-2020-0084", "PHSA-2020-0087", "PHSA-2020-0088", "PHSA-2020-0126", "PHSA-2020-0130", "PHSA-2020-0142", "PHSA-2020-0229", "PHSA-2020-0241", "PHSA-2020-0264", "PHSA-2020-0288", "PHSA-2020-0289", "PHSA-2020-0292", "PHSA-2020-0313", "PHSA-2020-0325", "PHSA-2020-1.0-0264", "PHSA-2020-1.0-0288", "PHSA-2020-1.0-0289", "PHSA-2020-1.0-0292", "PHSA-2020-1.0-0313", "PHSA-2020-1.0-0325", "PHSA-2020-2.0-0229", "PHSA-2020-2.0-0238", "PHSA-2020-2.0-0241", "PHSA-2020-2.0-0272", "PHSA-2020-2.0-0285", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0087", "PHSA-2020-3.0-0088", "PHSA-2020-3.0-0126", "PHSA-2020-3.0-0130", "PHSA-2020-3.0-0142", "PHSA-2021-0013", "PHSA-2021-0035", "PHSA-2021-0046", "PHSA-2021-0105", "PHSA-2021-0112", "PHSA-2021-0196", "PHSA-2021-0239", "PHSA-2021-0247", "PHSA-2021-0248", "PHSA-2021-0276", "PHSA-2021-0303", "PHSA-2021-0326", "PHSA-2021-0345", "PHSA-2021-0347", "PHSA-2021-0368", "PHSA-2021-0376", "PHSA-2021-0388", "PHSA-2021-0413", "PHSA-2021-0435", "PHSA-2021-0458", "PHSA-2021-1.0-0368", "PHSA-2021-1.0-0376", "PHSA-2021-1.0-0388", "PHSA-2021-1.0-0413", "PHSA-2021-1.0-0435", "PHSA-2021-2.0-0326", "PHSA-2021-2.0-0347", "PHSA-2021-2.0-0394", "PHSA-2021-3.0-0196", "PHSA-2021-3.0-0239", "PHSA-2021-3.0-0247", "PHSA-2021-3.0-0248", "PHSA-2021-3.0-0276", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0345", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0046", "PHSA-2021-4.0-0105", "PHSA-2021-4.0-0112", "PHSA-2022-0153", "PHSA-2022-0154", "PHSA-2022-0345", "PHSA-2022-0361", "PHSA-2022-0374", "PHSA-2022-0440", "PHSA-2022-0456", "PHSA-2022-0476", "PHSA-2022-3.0-0345", "PHSA-2022-3.0-0352", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0374", "PHSA-2022-4.0-0153", "PHSA-2022-4.0-0154"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C34329319F801C91B20EF858C729A35D"]}, {"type": "redhat", "idList": ["RHSA-2018:0475", "RHSA-2018:2906", "RHSA-2018:2908", "RHSA-2018:3537", "RHSA-2018:3549", "RHSA-2018:3551", "RHSA-2018:3598", "RHSA-2018:3624", "RHSA-2018:3742", "RHSA-2018:3752", "RHSA-2018:3754", "RHSA-2019:0237", "RHSA-2019:0487", "RHSA-2019:1352", "RHSA-2019:1632", "RHSA-2019:1633", "RHSA-2019:1852", "RHSA-2019:2504", "RHSA-2019:2690", "RHSA-2019:2769", "RHSA-2019:3132", "RHSA-2019:3239", "RHSA-2019:3266", "RHSA-2019:3267", "RHSA-2019:3811", "RHSA-2019:3905", "RHSA-2019:3940", "RHSA-2019:4052", "RHSA-2019:4074", "RHSA-2019:4087", "RHSA-2019:4090", "RHSA-2019:4269", "RHSA-2020:0933", "RHSA-2020:1234", "RHSA-2020:1276", "RHSA-2020:1277", "RHSA-2020:1526", "RHSA-2020:1527", "RHSA-2020:2306", "RHSA-2020:2412", "RHSA-2020:2413", "RHSA-2020:2440", "RHSA-2020:2441", "RHSA-2020:2448", "RHSA-2020:2449", "RHSA-2020:2479", "RHSA-2020:2594", "RHSA-2020:2789", "RHSA-2020:2790", "RHSA-2020:2793", "RHSA-2020:2795", "RHSA-2020:2796", "RHSA-2020:2799", "RHSA-2020:2861", "RHSA-2020:2863", "RHSA-2020:2870", "RHSA-2020:2878", "RHSA-2020:2992", "RHSA-2020:3078", "RHSA-2020:3369", "RHSA-2020:3372", "RHSA-2020:3414", "RHSA-2020:3519", "RHSA-2020:3520", "RHSA-2020:3578", "RHSA-2020:3579", "RHSA-2020:3580", "RHSA-2020:3665", "RHSA-2020:3727", "RHSA-2020:3780", "RHSA-2020:3783", "RHSA-2020:3808", "RHSA-2020:3809", "RHSA-2020:4214", "RHSA-2020:4264", "RHSA-2020:4297", "RHSA-2020:4298", "RHSA-2020:4694", "RHSA-2020:5054", "RHSA-2020:5055", "RHSA-2020:5056", "RHSA-2020:5149", "RHSA-2020:5194", "RHSA-2020:5198", "RHSA-2020:5259", "RHSA-2020:5359", "RHSA-2020:5363", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5606", "RHSA-2020:5633", "RHSA-2020:5634", "RHSA-2020:5635", "RHSA-2021:0030", "RHSA-2021:0079", "RHSA-2021:0100", "RHSA-2021:0171", "RHSA-2021:0172", "RHSA-2021:0187", "RHSA-2021:0190", "RHSA-2021:0281", "RHSA-2021:0420", "RHSA-2021:0516", "RHSA-2021:0607", "RHSA-2021:0719", "RHSA-2021:0799", "RHSA-2021:0833", "RHSA-2021:0916", "RHSA-2021:0980", "RHSA-2021:1005", "RHSA-2021:1006", "RHSA-2021:1007", "RHSA-2021:1129", "RHSA-2021:1168", "RHSA-2021:1225", "RHSA-2021:1227", "RHSA-2021:1369", "RHSA-2021:1407", "RHSA-2021:1552", "RHSA-2021:1561", "RHSA-2021:1562", "RHSA-2021:1563", "RHSA-2021:1566", "RHSA-2021:1796", "RHSA-2021:2039", "RHSA-2021:2041", "RHSA-2021:2042", "RHSA-2021:2057", "RHSA-2021:2121", "RHSA-2021:2130", "RHSA-2021:2136", "RHSA-2021:2144", "RHSA-2021:2145", "RHSA-2021:2150", "RHSA-2021:2286", "RHSA-2021:2291", "RHSA-2021:2292", "RHSA-2021:2370", "RHSA-2021:2371", "RHSA-2021:2374", "RHSA-2021:2437", "RHSA-2021:2438", "RHSA-2021:2543", "RHSA-2021:2704", "RHSA-2021:2705", "RHSA-2021:2920", "RHSA-2021:2977", "RHSA-2021:2983", "RHSA-2021:2984", "RHSA-2021:3001", "RHSA-2021:3016", "RHSA-2021:3076", "RHSA-2021:3140", "RHSA-2021:3193", "RHSA-2021:3248", "RHSA-2021:3259", "RHSA-2021:3262", "RHSA-2021:3303", "RHSA-2021:3361", "RHSA-2021:3487", "RHSA-2021:3555", "RHSA-2021:3556", "RHSA-2021:3631", "RHSA-2021:3635", "RHSA-2021:3642", "RHSA-2021:3646", "RHSA-2021:3733", "RHSA-2021:3748", "RHSA-2021:3759", "RHSA-2021:3915", "RHSA-2021:3925", "RHSA-2021:4103", "RHSA-2021:4104", "RHSA-2021:4627", "RHSA-2021:5072", "RHSA-2021:5085", "RHSA-2021:5086", "RHSA-2021:5110", "RHSA-2021:5160", "RHSA-2021:5176", "RHSA-2022:0001", "RHSA-2022:0002", "RHSA-2022:0055", "RHSA-2022:0056", "RHSA-2022:0163", "RHSA-2022:0191", "RHSA-2022:0237", "RHSA-2022:0260", "RHSA-2022:0283", "RHSA-2022:0308", "RHSA-2022:0492", "RHSA-2022:0557", "RHSA-2022:0577", "RHSA-2022:0585", "RHSA-2022:0587", "RHSA-2022:0595", "RHSA-2022:0687", "RHSA-2022:0735", "RHSA-2022:0842", "RHSA-2022:0855", "RHSA-2022:0927", "RHSA-2022:0947", "RHSA-2022:1051", "RHSA-2022:1056", "RHSA-2022:1081", "RHSA-2022:1276", "RHSA-2022:1361", "RHSA-2022:1372", "RHSA-2022:1396", "RHSA-2022:1476", "RHSA-2022:1628", "RHSA-2022:1660", "RHSA-2022:1679", "RHSA-2022:1681", "RHSA-2022:1734", "RHSA-2022:2183", "RHSA-2022:4668", "RHSA-2022:4880", "RHSA-2022:4956", "RHSA-2022:5068", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5188", "RHSA-2022:5201", "RHSA-2022:5673", "RHSA-2022:6133", "RHSA-2022:6347", "RHSA-2022:6429", "RHSA-2022:6526", "RHSA-2022:6527", "RHSA-2022:6536", "RHSA-2022:6916", "RHSA-2022:7129", "RHSA-2022:7401", "RHSA-2022:7457", "RHSA-2022:7469", "RHSA-2022:7954", "RHSA-2022:8008", "RHSA-2022:8634", "RHSA-2022:8893", "RHSA-2022:8932", "RHSA-2022:8938", "RHSA-2022:9047", "RHSA-2022:9096", "RHSA-2022:9107", "RHSA-2023:0407", "RHSA-2023:0408", "RHSA-2023:0769", "RHSA-2023:1325"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1002101", "RH:CVE-2017-18367", "RH:CVE-2018-1002105", "RH:CVE-2018-1098", "RH:CVE-2018-1099", "RH:CVE-2018-16886", "RH:CVE-2018-17142", "RH:CVE-2018-17143", "RH:CVE-2018-17846", "RH:CVE-2018-17847", "RH:CVE-2018-17848", "RH:CVE-2018-20699", "RH:CVE-2019-1002101", "RH:CVE-2019-11246", "RH:CVE-2019-11247", "RH:CVE-2019-11249", "RH:CVE-2019-11250", "RH:CVE-2019-11251", "RH:CVE-2019-11252", "RH:CVE-2019-11253", "RH:CVE-2019-11254", "RH:CVE-2019-11840", "RH:CVE-2019-16884", "RH:CVE-2020-10752", "RH:CVE-2020-14040", "RH:CVE-2020-15106", "RH:CVE-2020-15112", "RH:CVE-2020-15113", "RH:CVE-2020-26160", "RH:CVE-2020-27813", "RH:CVE-2020-28851", "RH:CVE-2020-28852", "RH:CVE-2020-29652", "RH:CVE-2020-7919", "RH:CVE-2020-8551", "RH:CVE-2020-8552", "RH:CVE-2020-8554", "RH:CVE-2020-8555", "RH:CVE-2020-8557", "RH:CVE-2020-8559", "RH:CVE-2020-8564", "RH:CVE-2020-8565", "RH:CVE-2020-9283", "RH:CVE-2021-20206", "RH:CVE-2021-23161", "RH:CVE-2021-25735", "RH:CVE-2021-25736", "RH:CVE-2021-25737", "RH:CVE-2021-25741", "RH:CVE-2021-27918", "RH:CVE-2021-30465", "RH:CVE-2021-3121", "RH:CVE-2021-31525", "RH:CVE-2021-33194", "RH:CVE-2021-3538", "RH:CVE-2021-3703", "RH:CVE-2021-3724", "RH:CVE-2021-41190", "RH:CVE-2021-43565", "RH:CVE-2021-43784", "RH:CVE-2021-44716", "RH:CVE-2021-44907", "RH:CVE-2022-27191"]}, {"type": "rocky", "idList": ["RLSA-2019:4269", "RLSA-2020:4694", "RLSA-2021:1796", "RLSA-2021:2291", "RLSA-2021:2370", "RLSA-2021:2371", "RLSA-2021:3076", "RLSA-2021:5160", "RLSA-2022:0001", "RLSA-2022:7129", "RLSA-2022:7457", "RLSA-2022:7469", "RLSA-2022:7954", "RLSA-2022:8008"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2418-1", "OPENSUSE-SU-2019:2434-1", "OPENSUSE-SU-2020:0045-1", "OPENSUSE-SU-2020:0554-1", "OPENSUSE-SU-2021:0480-1", "OPENSUSE-SU-2021:0878-1", "OPENSUSE-SU-2021:0904-1", "OPENSUSE-SU-2021:1404-1", "OPENSUSE-SU-2021:1525-1", "OPENSUSE-SU-2021:1625-1", "OPENSUSE-SU-2021:1626-1", "OPENSUSE-SU-2021:1954-1", "OPENSUSE-SU-2021:3506-1", "OPENSUSE-SU-2021:4169-1", "OPENSUSE-SU-2021:4171-1", "OPENSUSE-SU-2021:4186-1", "OPENSUSE-SU-2022:0040-1", "OPENSUSE-SU-2022:0334-1", "OPENSUSE-SU-2022:0526-1", "OPENSUSE-SU-2022:0770-1", "OPENSUSE-SU-2022:23018-1", "SUSE-SU-2022:1461-1", "SUSE-SU-2022:1462-1", "SUSE-SU-2022:1689-1", "SUSE-SU-2022:1694-1", "SUSE-SU-2022:1717-1", "SUSE-SU-2022:2834-1", "SUSE-SU-2022:2839-1", "SUSE-SU-2022:2839-2", "SUSE-SU-2022:3655-1", "SUSE-SU-2022:3766-1"]}, {"type": "symantec", "idList": ["SMNTC-111260", "SMNTC-111263"]}, {"type": "threatpost", "idList": ["THREATPOST:370E8753340A65AA22C611DB35A611BA", "THREATPOST:4855D753AD8D155F3665D0814ABB393B", "THREATPOST:639EA1C04C8045117A5A3480A9967CB7", "THREATPOST:DFF8ED339B7012ECBA9C67651AC4441A", "THREATPOST:FC19D0DEB6098A46E54D73010204C32B"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:99C513629DD4D60C7FD34F2B784F534A"]}, {"type": "ubuntu", "idList": ["USN-4297-1", "USN-4574-1", "USN-4867-1", "USN-4960-1", "USN-5628-1", "USN-5628-2", "USN-5873-1", "USN-6088-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-1002101", "UB:CVE-2017-18367", "UB:CVE-2018-1002105", "UB:CVE-2018-1098", "UB:CVE-2018-1099", "UB:CVE-2018-16886", "UB:CVE-2018-17142", "UB:CVE-2018-17143", "UB:CVE-2018-17846", "UB:CVE-2018-17847", "UB:CVE-2018-17848", "UB:CVE-2018-20699", "UB:CVE-2019-1002101", "UB:CVE-2019-11246", "UB:CVE-2019-11247", "UB:CVE-2019-11249", "UB:CVE-2019-11250", "UB:CVE-2019-11251", "UB:CVE-2019-11252", "UB:CVE-2019-11253", "UB:CVE-2019-11254", "UB:CVE-2019-11840", "UB:CVE-2019-11841", "UB:CVE-2019-16884", "UB:CVE-2020-14040", "UB:CVE-2020-15106", "UB:CVE-2020-15112", "UB:CVE-2020-15113", "UB:CVE-2020-26160", "UB:CVE-2020-27813", "UB:CVE-2020-28851", "UB:CVE-2020-28852", "UB:CVE-2020-29652", "UB:CVE-2020-36067", "UB:CVE-2020-7919", "UB:CVE-2020-8551", "UB:CVE-2020-8552", "UB:CVE-2020-8554", "UB:CVE-2020-8555", "UB:CVE-2020-8557", "UB:CVE-2020-8559", "UB:CVE-2020-8562", "UB:CVE-2020-8564", "UB:CVE-2020-8565", "UB:CVE-2020-9283", "UB:CVE-2021-20206", "UB:CVE-2021-25735", "UB:CVE-2021-25736", "UB:CVE-2021-25737", "UB:CVE-2021-27918", "UB:CVE-2021-30465", "UB:CVE-2021-3121", "UB:CVE-2021-31525", "UB:CVE-2021-33194", "UB:CVE-2021-3538", "UB:CVE-2021-41190", "UB:CVE-2021-42248", "UB:CVE-2021-42836", "UB:CVE-2021-43565", "UB:CVE-2021-43784", "UB:CVE-2021-44716", "UB:CVE-2022-27191"]}, {"type": "veracode", "idList": ["VERACODE:10687", "VERACODE:12810", "VERACODE:13052", "VERACODE:13255", "VERACODE:13572", "VERACODE:13694", "VERACODE:18694", "VERACODE:20595", "VERACODE:20637", "VERACODE:20995", "VERACODE:21011", "VERACODE:21205", "VERACODE:21438", "VERACODE:21539", "VERACODE:21578", "VERACODE:21604", "VERACODE:22401", "VERACODE:22548", "VERACODE:22778", "VERACODE:22780", "VERACODE:22914", "VERACODE:25627", "VERACODE:25694", "VERACODE:25897", "VERACODE:25953", "VERACODE:26050", "VERACODE:26051", "VERACODE:27284", "VERACODE:27617", "VERACODE:28638", "VERACODE:28883", "VERACODE:28897", "VERACODE:28947", "VERACODE:28968", "VERACODE:29105", "VERACODE:29294", "VERACODE:29664", "VERACODE:29753", "VERACODE:29754", "VERACODE:30271", "VERACODE:30395", "VERACODE:30535", "VERACODE:30700", "VERACODE:30791", "VERACODE:31784", "VERACODE:32277", "VERACODE:32709", "VERACODE:33020", "VERACODE:33194", "VERACODE:33335", "VERACODE:34735", "VERACODE:35062", "VERACODE:35110", "VERACODE:39201", "VERACODE:5923", "VERACODE:6207", "VERACODE:6213", "VERACODE:7497", "VERACODE:7502", "VERACODE:7554", "VERACODE:7555", "VERACODE:7778", "VERACODE:7927"]}, {"type": "zdt", "idList": ["1337DAY-ID-31840", "1337DAY-ID-31841", "1337DAY-ID-34008"]}]}, "affected_software": {"major_version": [{"name": "ibm\u00ae db2\u00ae and db2 warehouse\u00ae on cloud pak for data v3.5 through refresh 10v4.0 through refresh", "version": 9}]}, "epss": [{"cve": "CVE-2017-1002101", "epss": 0.00131, "percentile": 0.46624, "modified": "2023-05-02"}, {"cve": "CVE-2017-18367", "epss": 0.00238, "percentile": 0.60375, "modified": "2023-05-01"}, {"cve": "CVE-2018-1002105", "epss": 0.72851, "percentile": 0.97565, "modified": "2023-05-02"}, {"cve": "CVE-2018-1098", "epss": 0.0027, "percentile": 0.62951, "modified": "2023-05-02"}, {"cve": "CVE-2018-1099", "epss": 0.00068, "percentile": 0.27651, "modified": "2023-05-02"}, {"cve": "CVE-2018-16886", "epss": 0.018, "percentile": 0.86337, "modified": "2023-05-02"}, {"cve": "CVE-2018-17142", "epss": 0.00125, "percentile": 0.45608, "modified": "2023-05-02"}, {"cve": "CVE-2018-17143", "epss": 0.00285, "percentile": 0.63984, "modified": "2023-05-02"}, {"cve": "CVE-2018-17846", "epss": 0.00204, "percentile": 0.56916, "modified": "2023-05-02"}, {"cve": "CVE-2018-17847", "epss": 0.00143, "percentile": 0.48678, "modified": "2023-05-02"}, {"cve": "CVE-2018-17848", "epss": 0.00158, "percentile": 0.50804, "modified": "2023-05-02"}, {"cve": "CVE-2018-20699", "epss": 0.00097, "percentile": 0.39154, "modified": "2023-05-02"}, {"cve": "CVE-2019-1002101", "epss": 0.00072, "percentile": 0.29257, "modified": "2023-05-01"}, {"cve": "CVE-2019-11246", "epss": 0.00081, "percentile": 0.33173, "modified": "2023-05-01"}, {"cve": "CVE-2019-11247", "epss": 0.00147, "percentile": 0.49364, "modified": "2023-05-01"}, {"cve": "CVE-2019-11249", "epss": 0.00162, "percentile": 0.51341, "modified": "2023-05-01"}, {"cve": "CVE-2019-11250", "epss": 0.00112, "percentile": 0.43104, "modified": "2023-05-01"}, {"cve": "CVE-2019-11251", "epss": 0.0005, "percentile": 0.16905, "modified": "2023-05-01"}, {"cve": "CVE-2019-11252", "epss": 0.00065, "percentile": 0.26515, "modified": "2023-05-01"}, {"cve": "CVE-2019-11253", "epss": 0.00825, "percentile": 0.795, "modified": "2023-05-01"}, {"cve": "CVE-2019-11254", "epss": 0.00101, "percentile": 0.40095, "modified": "2023-05-01"}, {"cve": "CVE-2019-11840", "epss": 0.00793, "percentile": 0.79083, "modified": "2023-05-01"}, {"cve": "CVE-2019-11841", "epss": 0.00403, "percentile": 0.69801, "modified": "2023-05-01"}, {"cve": "CVE-2019-16884", "epss": 0.00239, "percentile": 0.60457, "modified": "2023-05-01"}, {"cve": "CVE-2020-10752", "epss": 0.00104, "percentile": 0.412, "modified": "2023-05-01"}, {"cve": "CVE-2020-14040", "epss": 0.00105, "percentile": 0.41521, "modified": "2023-05-01"}, {"cve": "CVE-2020-15106", "epss": 0.00065, "percentile": 0.26727, "modified": "2023-05-01"}, {"cve": "CVE-2020-15112", "epss": 0.00065, "percentile": 0.26727, "modified": "2023-05-01"}, {"cve": "CVE-2020-15113", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-26160", "epss": 0.00175, "percentile": 0.53175, "modified": "2023-05-01"}, {"cve": "CVE-2020-27813", "epss": 0.00131, "percentile": 0.46606, "modified": "2023-05-01"}, {"cve": "CVE-2020-28851", "epss": 0.00101, "percentile": 0.40132, "modified": "2023-05-01"}, {"cve": "CVE-2020-28852", "epss": 0.00104, "percentile": 0.41266, "modified": "2023-05-01"}, {"cve": "CVE-2020-29652", "epss": 0.00578, "percentile": 0.74822, "modified": "2023-05-01"}, {"cve": "CVE-2020-36067", "epss": 0.00089, "percentile": 0.36803, "modified": "2023-05-01"}, {"cve": "CVE-2020-7919", "epss": 0.00824, "percentile": 0.79489, "modified": "2023-05-01"}, {"cve": "CVE-2020-8551", "epss": 0.00112, "percentile": 0.43223, "modified": "2023-05-01"}, {"cve": "CVE-2020-8552", "epss": 0.00081, "percentile": 0.33237, "modified": "2023-05-01"}, {"cve": "CVE-2020-8554", "epss": 0.00131, "percentile": 0.46556, "modified": "2023-05-01"}, {"cve": "CVE-2020-8555", "epss": 0.00099, "percentile": 0.398, "modified": "2023-05-01"}, {"cve": "CVE-2020-8557", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-8559", "epss": 0.0027, "percentile": 0.62975, "modified": "2023-05-01"}, {"cve": "CVE-2020-8564", "epss": 0.00047, "percentile": 0.14266, "modified": "2023-05-01"}, {"cve": "CVE-2020-8565", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-9283", "epss": 0.05131, "percentile": 0.91733, "modified": "2023-05-01"}, {"cve": "CVE-2021-20206", "epss": 0.00116, "percentile": 0.44035, "modified": "2023-05-01"}, {"cve": "CVE-2021-25735", "epss": 0.00068, "percentile": 0.27995, "modified": "2023-05-01"}, {"cve": "CVE-2021-25737", "epss": 0.0006, "percentile": 0.23555, "modified": "2023-05-01"}, {"cve": "CVE-2021-25741", "epss": 0.0012, "percentile": 0.4474, "modified": "2023-05-02"}, {"cve": "CVE-2021-27918", "epss": 0.00081, "percentile": 0.3331, "modified": "2023-05-01"}, {"cve": "CVE-2021-30465", "epss": 0.00222, "percentile": 0.5901, "modified": "2023-05-01"}, {"cve": "CVE-2021-3121", "epss": 0.0037, "percentile": 0.68495, "modified": "2023-05-01"}, {"cve": "CVE-2021-31525", "epss": 0.00315, "percentile": 0.65782, "modified": "2023-05-01"}, {"cve": "CVE-2021-33194", "epss": 0.00108, "percentile": 0.4235, "modified": "2023-05-01"}, {"cve": "CVE-2021-3538", "epss": 0.00212, "percentile": 0.57561, "modified": "2023-05-01"}, {"cve": "CVE-2021-41190", "epss": 0.00124, "percentile": 0.45374, "modified": "2023-05-02"}, {"cve": "CVE-2021-42248", "epss": 0.00053, "percentile": 0.18917, "modified": "2023-05-02"}, {"cve": "CVE-2021-42836", "epss": 0.00117, "percentile": 0.44207, "modified": "2023-05-02"}, {"cve": "CVE-2021-43565", "epss": 0.00046, "percentile": 0.13987, "modified": "2023-05-02"}, {"cve": "CVE-2021-43784", "epss": 0.00163, "percentile": 0.51503, "modified": "2023-05-02"}, {"cve": "CVE-2021-44716", "epss": 0.0012, "percentile": 0.44858, "modified": "2023-05-02"}, {"cve": "CVE-2022-27191", "epss": 0.00214, "percentile": 0.57937, "modified": "2023-05-02"}], "vulnersScore": 10.2}, "_state": {"dependencies": 1686087756, "score": 1686074007, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "d245fa41d403c80d07e1d5f99862677b"}, "affectedSoftware": [{"version": "9", "operator": "eq", "name": "ibm\u00ae db2\u00ae and db2 warehouse\u00ae on cloud pak for data v3.5 through refresh 10v4.0 through refresh"}]}

{"ibm": [{"lastseen": "2023-06-06T17:39:55", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-8559", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2023-02-14T21:14:53", "id": "1BC083EA4858E87682C2DCC388853D4448B262347029C3CAC17ED3DD53B87E2B", "href": "https://www.ibm.com/support/pages/node/6833278", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:40:04", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-17847](<https://vulners.com/cve/CVE-2018-17847>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17848](<https://vulners.com/cve/CVE-2018-17848>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an index out of range flaw during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150633](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150633>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-17846](<https://vulners.com/cve/CVE-2018-17846>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an error during an html.Parse call in the html package. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-8559", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2023-02-14T21:04:36", "id": "1D122E5717E6BDDA2976836FBA5EB572CDBD9A9C5B48AF895D30982993B5723D", "href": "https://www.ibm.com/support/pages/node/6833280", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:39:54", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-10752](<https://vulners.com/cve/CVE-2020-10752>) \n** DESCRIPTION: **OpenShift API Server could allow a remote attacker to obtain sensitive information, caused by the leaking of OAuthTokens to log files when API Server panic occurred. By gaining access to the log files, an attacker could exploit this vulnerability to obtain OAuthTokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &gt;= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-27813](<https://vulners.com/cve/CVE-2020-27813>) \n** DESCRIPTION: **Gorilla WebSocket is vulnerable to a denial of service, caused by an integer overflow with the length of websocket frames received. By sending a specially-crafted websocket connection request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the HTTP Server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing note updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11247", "CVE-2019-11250", "CVE-2020-10752", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-8565", "CVE-2021-25735", "CVE-2021-3121"], "modified": "2023-02-14T21:14:53", "id": "FCF30D7ADA54D4AE43D018AEE7C5A4607A5A17AD991F64ABB89758502D022DD9", "href": "https://www.ibm.com/support/pages/node/6833272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:40:02", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n** DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-10752](<https://vulners.com/cve/CVE-2020-10752>) \n** DESCRIPTION: **OpenShift API Server could allow a remote attacker to obtain sensitive information, caused by the leaking of OAuthTokens to log files when API Server panic occurred. By gaining access to the log files, an attacker could exploit this vulnerability to obtain OAuthTokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &gt;= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-27813](<https://vulners.com/cve/CVE-2020-27813>) \n** DESCRIPTION: **Gorilla WebSocket is vulnerable to a denial of service, caused by an integer overflow with the length of websocket frames received. By sending a specially-crafted websocket connection request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the HTTP Server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192563>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-25735](<https://vulners.com/cve/CVE-2021-25735>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when performing note updates. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11247", "CVE-2019-11250", "CVE-2020-10752", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-8565", "CVE-2021-25735", "CVE-2021-3121"], "modified": "2023-02-14T21:04:36", "id": "E729E553D7DEE030B1A83DB69F2510017BB5645C970A5BC20855AF904517097A", "href": "https://www.ibm.com/support/pages/node/6833274", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:36:08", "description": "## Summary\n\nIBM Edge Application Manager 4.5 has resolved the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-26160](<https://vulners.com/cve/CVE-2020-26160>) \n** DESCRIPTION: **jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[\"aud\"] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2018-16886](<https://vulners.com/cve/CVE-2018-16886>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by improper authentication in auth/store.go:AuthInfoFromTLS() when role-based access control (RBAC) is used and client-cert-auth is enabled. By sending a specially crafted REST API request to the gRPC-gateway, an attacker could exploit this vulnerability to bypass authentication. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155498](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155498>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause panic in decodeRecord method, \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-29526](<https://vulners.com/cve/CVE-2022-29526>) \n** DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the Faccessat function when called with a non-zero flags parameter. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain accessible file information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/229593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/229593>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Edge Application Manager| 4.4 \nIBM Edge Application Manager| 4.3 \n \n\n\n## Remediation/Fixes\n\nThe fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-05-15T18:36:46", "type": "ibm", "title": "Security Bulletin: Open Source Dependency Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886", "CVE-2020-14040", "CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-26160", "CVE-2021-44716", "CVE-2022-29526"], "modified": "2023-05-15T18:36:46", "id": "FEEB22705846872BB83E3BC9FE94522005DBC482F542E59A9C17E7BC4EEDF76A", "href": "https://www.ibm.com/support/pages/node/6991619", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:42:01", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private Kubernetes\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION:** Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164767> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION:** Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a users workstation. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164768> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages\n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.0\n\nFor IBM Cloud Private 3.2.0, apply Oct fixpack or patch:\n\n * [IBM Cloud Private 3.2.0 Oct fixpack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private&fixids=icp-3.2.0.1910-build534861-31972&source=myna&myns=swgother&mynp=OCSSBS6K&mync=E&cm_sp=swgother-_-OCSSBS6K-_-E&function=fixId&parent=ibm/WebSphere>)\n * [IBM Cloud Private 3.2.0 patch](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.0-build534124-29620&includeSupersedes=0>)\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2: \n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.1. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-11-23T16:28:17", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Kubernetes (CVE-2019-11247, CVE-2019-11249)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11249"], "modified": "2019-11-23T16:28:17", "id": "0BC93E77320B8F4F56F1603410A45D8342375F10AFFD31D582D693509969DD5A", "href": "https://www.ibm.com/support/pages/node/1074736", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:49:25", "description": "## Summary\n\nGolang packages are used in IBM Netezza Software As A Service. Golang net sub module is vulnerable to denial of service. Vulnerability is addressed by upgrading Golang to version 1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Product**| **Versions;** \n---|--- \nIBM Netezza As A Service | 11.2.2.1 - 11.2.2.2 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix.**\n\n**Product**| **Version **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Netezza As A Service | 11.2.2.3| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.2.3-WS-ICPDS-NPS-fp12089> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-28T11:57:28", "type": "ibm", "title": "Security Bulletin: IBM Netezza as a Service is vulnerable to denial of service due to Golang net package (CVE-2021-33194, CVE-2021-44716, CVE-2021-31525)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-44716"], "modified": "2022-06-28T11:57:28", "id": "1235191EB33863C1E482EB2FBE8EE07837715EFC366FA3ACAF8DD7BA16B54E47", "href": "https://www.ibm.com/support/pages/node/6599203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:39:54", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21698](<https://vulners.com/cve/CVE-2022-21698>) \n** DESCRIPTION: **Prometheus Go client library (client_golang ) is vulnerable to a denial of service, caused by a flaw when handling requests with non-standard HTTP methods. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a memory exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219707](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219707>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel &gt;= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11840](<https://vulners.com/cve/CVE-2019-11840>) \n** DESCRIPTION: **Golang golang-googlecode-go-crypto could allow a remote attacker to obtain sensitive information, caused by a flaw in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. By generating a specially-crafted keystream, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-38561](<https://vulners.com/cve/CVE-2021-38561>) \n** DESCRIPTION: **Golang Go Text is vulnerable to a denial of service, caused by an improper index calculation that allows an incorrectly formatted language tag to panic Parse. A remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11840", "CVE-2020-14040", "CVE-2020-7919", "CVE-2020-8552", "CVE-2020-8564", "CVE-2021-31525", "CVE-2021-38561", "CVE-2022-21698"], "modified": "2023-02-14T21:14:53", "id": "2ACAF7EF965645E3B6441E6A8A68E6FE8B309E3EF7A1558180C489C22189FA2F", "href": "https://www.ibm.com/support/pages/node/6833266", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-06T17:40:04", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21698](<https://vulners.com/cve/CVE-2022-21698>) \n** DESCRIPTION: **Prometheus Go client library (client_golang ) is vulnerable to a denial of service, caused by a flaw when handling requests with non-standard HTTP methods. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a memory exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219707](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219707>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel &gt;= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-11840](<https://vulners.com/cve/CVE-2019-11840>) \n** DESCRIPTION: **Golang golang-googlecode-go-crypto could allow a remote attacker to obtain sensitive information, caused by a flaw in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. By generating a specially-crafted keystream, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160943](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160943>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-38561](<https://vulners.com/cve/CVE-2021-38561>) \n** DESCRIPTION: **Golang Go Text is vulnerable to a denial of service, caused by an improper index calculation that allows an incorrectly formatted language tag to panic Parse. A remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11840", "CVE-2020-14040", "CVE-2020-7919", "CVE-2020-8552", "CVE-2020-8564", "CVE-2021-31525", "CVE-2021-38561", "CVE-2022-21698"], "modified": "2023-02-14T21:04:36", "id": "72323A87B15F078C393C08C2C6CBC69CF69DA2EEF2BE247F76E5827524377951", "href": "https://www.ibm.com/support/pages/node/6833268", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:47:03", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause panic in decodeRecord method, \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM API Connect| API Connect V10.0.1.0 \nIBM API Connect| V2018.4.1.0-2018.4.1.13 \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.13\n\n| 2018.4.1.15| \n\nLI81877\n\n| \n\nAddressed in IBM API Connect V2018.4.1.15.\n\nAll components are impacted.\n\nFollow this link and find the packages.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.13&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \nIBM API Connect \n\nV10.0.1.0\n\n| 10.0.1.1| \n\nLI81877\n\n| \n\nAddressed in IBM API Connect V10.0.1.1\n\nAll components are impacted.\n\nFollow this link and find the packages.\n\n \n\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=10.0.0.0&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-02T13:37:27", "type": "ibm", "title": "Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113"], "modified": "2021-02-02T13:37:27", "id": "0B53E3200D5A713133384D9D4BDCA43744971BD77A6671BF60F2E13078EEFEB2", "href": "https://www.ibm.com/support/pages/node/6410854", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:46:07", "description": "## Summary\n\nIBM Cloud Private is vulnerable to etcd vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-15106](<https://vulners.com/cve/CVE-2020-15106>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause panic in decodeRecord method, \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186329](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186329>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15112](<https://vulners.com/cve/CVE-2020-15112>) \n** DESCRIPTION: **etcd is vulnerable to a denial of service, caused by a flaw in the ReadAll method in wal/wal.go. By sending a specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause a runtime panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186328>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\n \n\n\nFor IBM Cloud Private 3.2.1, the defect fixes for Kubernetes requires an update to the Kubernetes version. First apply the 3.2.1.2003 fix pack and then apply either the 3.2.2.2006 fixpack or the 3.2.2.2008 fixpack. Then apply the 3.2.2.2012 fixpack. The 3.2.2.2006 or the 3.2.2.2008 fixpack updates Kubernetes from version 1.13.12 to 1.16.7. The 3.2.2.2012 updates Kubernetes from version 1.16.7 to 1.19\n\n * [IBM Cloud Private 3.2.1.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2003-build547202-36013&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2003\" )\n * [IBM Cloud Private 3.2.2.2006](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2006-build553613-35974&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2006\" )\n * [IBM Cloud Private 3.2.2.2008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2008-build559106-39079&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2008\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2012-build600195-41237&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2012\" )\n\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-26T14:21:09", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to etcd vulnerabilities (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113"], "modified": "2021-02-26T14:21:09", "id": "E6C3E8A20C2A38509AF9365413B7BCB90C242838A01C16ED3D3D195E054C46F4", "href": "https://www.ibm.com/support/pages/node/6417459", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:40:03", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14623](<https://vulners.com/cve/CVE-2017-14623>) \n** DESCRIPTION: **ldap.v2 package (go-ldap) could allow a remote attacker to bypass security restrictions under certain conditions. An attacker could exploit this vulnerability to login with an empty password. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132379>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-43565](<https://vulners.com/cve/CVE-2021-43565>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14623", "CVE-2020-15113", "CVE-2020-29652", "CVE-2020-9283", "CVE-2021-43565"], "modified": "2023-02-14T21:04:36", "id": "E859CE7E5B23AC8D6E62C2CDCCAA3A02B47C985377E910F4A97BF8E00F88B208", "href": "https://www.ibm.com/support/pages/node/6833250", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:50:18", "description": "## Summary\n\nMultiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-34558](<https://vulners.com/cve/CVE-2021-34558>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by the failure to properly assert that the type of public key in an X.509 certificate matches the expected type in the crypto/tls package. By persuading a victim to connect to a specially-crafted TLS server, a remote attacker could exploit this vulnerability to cause a TLS client to panic. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205578](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205578>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System | V2.3.0 - V2.3.3.3 Interim Fix 1 \n \n## Remediation/Fixes\n\nFor unsupported version/release/platform IBM recommends upgrading to a fixed, supported version of the product.\n\nMultiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System . In Response to vulnerabilities IBM shipped new release Cloud Pak System v.2.3.3.4 upgraded Golang Go to Golang Go v.1.17. \n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.3 Interim Fix 1 upgrade to V2.3.3.4 at [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.4&platform=All&function=all> \"Fix Central\" )\n\nInformation on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T19:21:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been found in Golang Go which is shipped with Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29652", "CVE-2021-31525", "CVE-2021-34558"], "modified": "2022-05-06T19:21:52", "id": "1B086DC97C90E0AC70793D2174FE88271D65351E3C6955FB974DACDEE4BC1951", "href": "https://www.ibm.com/support/pages/node/6519392", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T17:48:21", "description": "## Summary\n\nGolang packages are used in IBM Netezza for Cloud Pak for Data. Golang net sub module is vulnerable to denial of service. Vulnerability is addressed by upgrading Golang to version 1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| 11.2.1.0 - 11.2.1.5 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix.**\u200b\n\n**Product**| **Version **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.2.1.6| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.1.6-IF1-WS-ICPDS-NPS-fp14652> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-08T17:39:46", "type": "ibm", "title": "Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to denial of service due to Golang net package (CVE-2021-27918, CVE-2021-44716, CVE-2021-31525)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-44716"], "modified": "2022-08-08T17:39:46", "id": "E43687480718D62403FAE624926EF4DCB0A894AFF26C5E9C5F75A8D56B17B6E6", "href": "https://www.ibm.com/support/pages/node/6610915", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:39:55", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-29652](<https://vulners.com/cve/CVE-2020-29652>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a NULL pointer dereference in the golang.org/x/crypto/ssh component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193622](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193622>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14623](<https://vulners.com/cve/CVE-2017-14623>) \n** DESCRIPTION: **ldap.v2 package (go-ldap) could allow a remote attacker to bypass security restrictions under certain conditions. An attacker could exploit this vulnerability to login with an empty password. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132379](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132379>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-43565](<https://vulners.com/cve/CVE-2021-43565>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an input validation flaw in golang.org/x/crypto's readCipherPacket() function. By sending an empty plaintext packet to a program linked with golang.org/x/crypto/ssh, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-3204](<https://vulners.com/cve/CVE-2017-3204>) \n** DESCRIPTION: **Go SSH library is vulnerable to a man-in-the-middle attack, caused by improper validation of host keys. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/128718](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128718>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15113](<https://vulners.com/cve/CVE-2020-15113>) \n** DESCRIPTION: **etcd could allow a remote attacker to bypass security restrictions, caused by the lack of permission checks in the os.MkdirAll function when a given directory path exists already. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-9283](<https://vulners.com/cve/CVE-2020-9283>) \n** DESCRIPTION: **Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package. By persuading a victim to run a specially crafted file, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176688>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14623", "CVE-2017-3204", "CVE-2020-15113", "CVE-2020-29652", "CVE-2020-9283", "CVE-2021-43565"], "modified": "2023-02-14T21:14:53", "id": "BA1A0E184888C0EF0CB32C88DB01C0557118D94034B3DF0E37C668638A21EE88", "href": "https://www.ibm.com/support/pages/node/6833248", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:35:03", "description": "## Summary\n\nIBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-41190](<https://vulners.com/cve/CVE-2021-41190>) \n** DESCRIPTION: **Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when a Content-Type header changed between two pulls of the same digest. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause a client to interpret the resulting content differently. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-24778](<https://vulners.com/cve/CVE-2022-24778>) \n** DESCRIPTION: **Imgcrypt could allow a remote attacker to bypass security restrictions, caused by missing check in CheckAuthorization() code path. By sending a specially-crafted request, an attacker could exploit this vulnerability to access to encryted container image on a shared system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-21698](<https://vulners.com/cve/CVE-2022-21698>) \n** DESCRIPTION: **Prometheus Go client library (client_golang ) is vulnerable to a denial of service, caused by a flaw when handling requests with non-standard HTTP methods. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a memory exhaustion. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219707](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219707>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3121](<https://vulners.com/cve/CVE-2021-3121>) \n** DESCRIPTION: **An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-20206](<https://vulners.com/cve/CVE-2021-20206>) \n** DESCRIPTION: **containernetworking cni could allow a remote authenticated attacker to traverse directories on the system. An attacker could load a specially-crafted network configuration containing \"dot dot\" sequences (/../) in the 'type' field to execute arbitrary files on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23648](<https://vulners.com/cve/CVE-2022-23648>) \n** DESCRIPTION: **containerd could allow a remote attacker to obtain sensitive information, caused by a flaw in the CRI implementation. By using a specially-crafted image configuration, an attacker could exploit this vulnerability to access to read-only copies of arbitrary files and directories on the host system, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-32760](<https://vulners.com/cve/CVE-2021-32760>) \n** DESCRIPTION: **Containerd could allow a remote attacker to gain elevated privileges on the system, caused by improper file permissions. By pulling and extracting a specially-crafted container image, an attacker could exploit this vulnerability to perform Unix file permission changes for existing files in the host's filesystem. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205942](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205942>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &gt;= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-30465](<https://vulners.com/cve/CVE-2021-30465>) \n** DESCRIPTION: **Open Container Initiative runc could allow a remote authenticated attacker to bypass security restrictions, caused by a symlink exchange attack. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow host filesystem being bind-mounted into the container. \nCVSS Base score: 7.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202132](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202132>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2021-41103](<https://vulners.com/cve/CVE-2021-41103>) \n** DESCRIPTION: **containerd could allow a local authenticated attacker to traverse directories on the system, caused by improper restricted permissions on container root and plugin directories. An attacker could send a specially-crafted request containing \"dot dot\" sequences (/../) to view directory contents and execute programs. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/210615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/210615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-21334](<https://vulners.com/cve/CVE-2021-21334>) \n** DESCRIPTION: **containerd could allow a remote attacker to obtain sensitive information, caused by a flaw in the CRI implementation. By launching containers that uses the containerd CRI service, an attacker could exploit this vulnerability to obtain environment variables information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198079](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198079>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Edge Application Manager| 4.4 \nIBM Edge Application Manager| 4.3 \n \n\n\n## Remediation/Fixes\n\nThe fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.7}, "published": "2023-05-31T05:42:24", "type": "ibm", "title": "Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8565", "CVE-2021-20206", "CVE-2021-21334", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-32760", "CVE-2021-41103", "CVE-2021-41190", "CVE-2021-44716", "CVE-2022-21698", "CVE-2022-23648", "CVE-2022-24778"], "modified": "2023-05-31T05:42:24", "id": "BC833C23BBEB81DC30F26014A70792A9D0E36E4FB4F6F70D589D1606D3780C58", "href": "https://www.ibm.com/support/pages/node/6999559", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T17:35:14", "description": "## Summary\n\nIBM Edge Application Manager 4.5 has resolved the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-30633](<https://vulners.com/cve/CVE-2022-30633>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27918](<https://vulners.com/cve/CVE-2021-27918>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop flaw when using xml.NewTokenDecoder with a custom TokenReader. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-31525](<https://vulners.com/cve/CVE-2021-31525>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and Client, a remote attacker could exploit this vulnerability to cause a (panic) denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202709](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202709>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-28131](<https://vulners.com/cve/CVE-2022-28131>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233141](<https://exchange.xforce.ibmcloud.com/vulnerabilities/233141>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-44716](<https://vulners.com/cve/CVE-2021-44716>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an uncontrolled memory consumption in the header canonicalization cache in net/http. By sending HTTP/2 requests, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216553](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216553>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-33194](<https://vulners.com/cve/CVE-2021-33194>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202644>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Edge Application Manager| 4.4 \nIBM Edge Application Manager| 4.3 \n \n\n\n## Remediation/Fixes\n\nThe fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-15T18:34:46", "type": "ibm", "title": "Security Bulletin: Open Source Dependency Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33194", "CVE-2021-44716", "CVE-2022-28131", "CVE-2022-30633"], "modified": "2023-05-15T18:34:46", "id": "FD26ACB4315E02B8E8132EC3DD0C3DE48709C63BDD7824030F954FFA49E19DAD", "href": "https://www.ibm.com/support/pages/node/6991617", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:19", "description": "## Summary\n\nFixed OSS issus for listed CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n** DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| All \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.1.0 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=11.1.1.0-IM-INZCPD-fp200831&product=ibm%2FInformation%20Management%2FIBM%20Netezza%20for%20Cloud%20Pak%20for%20Data&source=dbluesearch&mhsrc=ibmsearch_s&mhq=IBM%20Netezza%20for%20Cloud%20Pak%20for%20Data%2011.1.1.0&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-11T07:10:49", "type": "ibm", "title": "Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11248", "CVE-2019-11253", "CVE-2019-11254", "CVE-2020-7919"], "modified": "2020-12-11T07:10:49", "id": "C2FBE434FDED9DC756BE855E33C9AD8C0A5B759539A8AEC3235DE5AFDA3E29EF", "href": "https://www.ibm.com/support/pages/node/6381242", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-27T21:44:38", "description": "## Summary\n\nMuiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-9512](<https://vulners.com/cve/CVE-2019-9512>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings to an HTTP/2 peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164903>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9514](<https://vulners.com/cve/CVE-2019-9514>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Reset Flood attack. By opening a number of streams and sending an invalid request over each stream, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to traverse directories on the system, caused by an incomplete fix for CVE-2019-1002101 and CVE-2019-11246. By persuading a victim to use the kubectl cp command with a malicious container, an attacker could replace or create arbitrary files on a user\u2019s workstation. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to gain unauthorized access to the system, caused by an error in the API server. By sending a specially crafted request using the wrong scope, an attacker could exploit this vulnerability to create, view, update or delete the cluster-scoped resource. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n**DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By sending a stream of headers with a 0-length header name and 0-length header value, a remote attacker could consume excessive memory resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending a stream of SETTINGS frames to the peer, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Empty Frame Flooding attack. By sending a stream of frames with an empty payload and without the end-of-stream flag, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n**DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by the exposure of the debugging endpoint /debug/pprof by default on Kubelet healthz port. An attacker could exploit this vulnerability to obtain internal Kubelet memory addresses and configuration or cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n**CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server with a microservices tier | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR63311](<http://www.ibm.com/support/docview.wss?uid=swg1JR63311> \"JR63311\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.1\" ) \n\\--Apply IBM Information Server version [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1\" ) \n \n \nFor Red Hat 8 installations contact IBM Customer support \n \n \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-01T21:05:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-11254", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "modified": "2021-04-01T21:05:42", "id": "7A8DF41BD76EC438451409A025AAD65BC78A02087B1DD7CD7F2F435E28BE86C0", "href": "https://www.ibm.com/support/pages/node/6436613", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-06T17:35:38", "description": "## Summary\n\nIBM Edge Application Manager 4.5 has resolved the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-38561](<https://vulners.com/cve/CVE-2021-38561>) \n** DESCRIPTION: **Golang Go Text is vulnerable to a denial of service, caused by an improper index calculation that allows an incorrectly formatted language tag to panic Parse. A remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14040](<https://vulners.com/cve/CVE-2020-14040>) \n** DESCRIPTION: **Go Language x/text package is vulnerable to a denial of service, caused by a vulnerability in encoding/unicode in the UTF-16 decoder. By sending a single byte to a UTF16 decoder, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Edge Application Manager| 4.4 \nIBM Edge Application Manager| 4.3 \n \n\n\n## Remediation/Fixes\n\nThe fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-15T17:56:50", "type": "ibm", "title": "Security Bulletin: Open Source Dependency Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14040", "CVE-2020-28851", "CVE-2020-28852", "CVE-2021-38561"], "modified": "2023-05-15T17:56:50", "id": "BEA5EE713AB6C06AFEADA582472FE62DD7145AE387D605D4AFE65D032A4C9860", "href": "https://www.ibm.com/support/pages/node/6991593", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:38:55", "description": "## Summary\n\nMultiple vulnerabilities CVE-2019-11249, CVE-2019-11247 found in Kubernetes package.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION: **The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n\n \n**CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION: **The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM PowerAI Vision | 1.1.3 \nIBM PowerAI Vision | 1.1.4 \n \n## Remediation/Fixes\n\nKubernetes has been upgraded in PowerAI Vision 1.1.5 to a level that addresses this vulnerability.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-08T04:39:30", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11247", "CVE-2019-11249"], "modified": "2020-01-08T04:39:30", "id": "422E49C6FF275EE46A97F74B0B5F21D1F18DB4A09578B07DBD2F195E22B01ABB", "href": "https://www.ibm.com/support/pages/node/1168522", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:38:58", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11249](<https://vulners.com/cve/CVE-2019-11249>) \n**DESCRIPTION: **The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) \n\n \n**CVEID: **[CVE-2019-11247](<https://vulners.com/cve/CVE-2019-11247>) \n**DESCRIPTION: **The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM API Connect | 2018.4.1-2018.4.1.7 \n \n## Remediation/Fixes\n\nAffected Product | Addressed in VRMF | APAR | Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect V2018.1 - 2018.4.1.7\n\n| \n\n2018.4.1.8\n\n| LI81165 | \n\nAddressed in IBM API Connect v2018.4.1.8 and subsequent fixes.\n\nAll components are impacted.\n\n \nFollow this link and find the package appropriate for the form factor of your installation: \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.7&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-02T16:47:32", "type": "ibm", "title": "Security Bulletin: IBM API Connect is impacted by vulnerabilities in Kubernetes (CVE-2019-11249, CVE-2019-11247)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11247", "CVE-2019-11249"], "modified": "2020-01-02T16:47:32", "id": "BB8FBFB56D8E1976D6BDF686AD8FD1DFCA49CA7607104C1ADB951004E0755FE6", "href": "https://www.ibm.com/support/pages/node/1167154", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:45:00", "description": "## Summary\n\nIBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2020-28851 and CVE-2020-28852 with details of each below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n**DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud Pak for Integration (CP4I) Operator | 2020.2.1 \n2020.3.1 \n2020.4.1-0-eus \nPlatform Navigator in IBM Cloud Pak for Integration (CP4I) | 2020.2.1 \n2020.3.1 \n2020.4.1-0-eus \nAsset Repository in IBM Cloud Pak for Integration (CP4I) | 2020.2.1 \n2020.3.1 \n2020.4.1-0-eus \n \n## Remediation/Fixes\n\n**IBM Cloud Pak for Integration Operator**\n\nUpgrade Cloud Pak for Integration to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center \n<https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade.html> \n \n**Platform Navigator in ****IBM Cloud Pak for Integration**\n\nUpgrade Platform Navigator to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_platform_navigator.html>\n\n**Asset Repository** **in IBM Cloud Pak for Integration**\n\nUpgrade Asset Repository to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_asset_repo.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-23T15:48:47", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2020-28851 and CVE-2020-28852)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28851", "CVE-2020-28852"], "modified": "2021-03-23T15:48:47", "id": "7FCE3E3E222CDCA1789998F6F071B1ED0A1310F6CA44453B21275AC42EE9B8AF", "href": "https://www.ibm.com/support/pages/node/6435145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:40:03", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28851", "CVE-2020-28852"], "modified": "2023-02-14T21:04:36", "id": "C29499BD0F2FB4EE074605E30EDF431882196E6707D547E22CE00A51DC37845E", "href": "https://www.ibm.com/support/pages/node/6833290", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-06T17:39:54", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-28852](<https://vulners.com/cve/CVE-2020-28852>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194163](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194163>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28851](<https://vulners.com/cve/CVE-2020-28851>) \n** DESCRIPTION: **Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28851", "CVE-2020-28852"], "modified": "2023-02-14T21:14:53", "id": "61142424CDD70878D989E6861AED4B94622D1FCCFD2C3B9C395400F055A7D36E", "href": "https://www.ibm.com/support/pages/node/6833286", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:48:24", "description": "## Summary\n\nFixed OSS issue for listed CVEs. AWS storage later in NPS.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7919](<https://vulners.com/cve/CVE-2020-7919>) \n** DESCRIPTION: **Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178227>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **The Kubernetes API server is vulnerable to a denial of service, caused by a billion laughs attack, caused by an error when parsing YAML manifests. A remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza for Cloud Pak for Data| All \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.1.0 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=11.1.1.0-IM-INZCPD-fp200831&product=ibm%2FInformation%20Management%2FIBM%20Netezza%20for%20Cloud%20Pak%20for%20Data&source=dbluesearch&mhsrc=ibmsearch_s&mhq=IBM%20Netezza%20for%20Cloud%20Pak%20for%20Data%2011.1.1.0&function=fixId&parent=ibm/Information%20Management> \"Link to Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T11:16:05", "type": "ibm", "title": "Security Bulletin: Open Source Security issues for AWS storage layer in NPS.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11253", "CVE-2020-7919"], "modified": "2020-12-10T11:16:05", "id": "2E0D3D0CF86F6C48B680F76C93BAE1886AC182B679AAB019C0AA49D79D2D84BA", "href": "https://www.ibm.com/support/pages/node/6380682", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:38:55", "description": "## Summary\n\nMultiple vulnerabilities (CVE-2019-11251, CVE-2019-11253) in Kubernetes package.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n**DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in `kubectl cp` that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n \n**CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n**DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default, for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM PowerAI Vision | 1.1.3 \nIBM PowerAI Vision | 1.1.4 \n \n## Remediation/Fixes\n\nKubernetes has been upgraded in PowerAI Vision 1.1.5 to a level that addresses this vulnerability.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-08T16:47:26", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11251", "CVE-2019-11253"], "modified": "2020-01-08T16:47:26", "id": "5ADDCDCCBCAA61DA8CF5B02CB5B449E5A5F2BFFE2D509DF07ECBF25E4F3493E4", "href": "https://www.ibm.com/support/pages/node/1168570", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T17:45:57", "description": "## Summary\n\nIBM Cloud Kubernetes Service is affected by security vulnerabilities in the Kubernetes API server that exposes it to denial of service attacks (CVE-2019-11254 and CVE-2020-8552)\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11254](<https://vulners.com/cve/CVE-2019-11254>) \n**DESCRIPTION: **Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated attacker could exploit this vulnerability to consume excessive CPU cycles. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n**DESCRIPTION:** Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/178254> for the current score.CVSS Vector:** **(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud Kubernetes Service 1.17.0-1.17.2 \nIBM Cloud Kubernetes Service 1.16.0-1.16.6 \nIBM Cloud Kubernetes Service 1.15.0-1.15.9 \nIBM Cloud Kubernetes Service 1.5-1.14\n\n## Remediation/Fixes\n\nUpdates for IBM Cloud Kubernetes Service clusters at versions 1.15 and later are available that fix this vulnerability. IBM Cloud Kubernetes Service will attempt to automatically apply the fix to your cluster master. There is no need to update cluster worker nodes for this vulnerability.\n\nTo verify your clusters are no longer exposed to this vulnerability, use the following IBM Cloud CLI command to confirm your cluster master versions:\n\nibmcloud ks clusters\n\nIf your cluster masters are at one of the following versions or later, they are no longer exposed to this vulnerability:\n\n[1.15.10](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#11510_1531> \"1.15.10\" ) \n[1.16.7](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1167_1524> \"1.16.7\" ) \n[1.17.3](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1173_1516> \"1.17.3\" )\n\nIf one or more of your clusters has not had its master automatically updated then use the following IBM Cloud CLI command to complete the cluster master update, replacing 1.## with the target version.\n\nibmcloud ks cluster master update --cluster &lt;cluster name or ID&gt; \\--version 1.##\n\nCustomers running IBM Cloud Kubernetes Service clusters at version 1.13 must upgrade first to version 1.14 and then to version 1.15. Please review the [documentation](<https://cloud.ibm.com/docs/containers?topic=containers-update#update> \"documentation\" ) before starting an upgrade since additional actions may be required.\n\nCustomers running IBM Cloud Kubernetes Service clusters at version 1.12 or earlier must [create a new cluster](<https://cloud.ibm.com/docs/containers?topic=containers-clusters#clusters> \"create a new cluster\" ) and [deploy their apps](<https://cloud.ibm.com/docs/containers?topic=containers-app#app> \"deploy their apps\" ) to the new cluster.\n\nIBM Cloud Kubernetes Service versions 1.13 and earlier are no longer supported, and version 1.14 is deprecated. See the [IBM Cloud Kubernetes Service Version information and update actions documentation](<https://cloud.ibm.com/docs/containers?topic=containers-cs_versions#cs_versions> \"IBM Cloud Kubernetes Service Version information and update actions documentation\" ) for more information about Kubernetes versions and version support policies.\n\n## Workarounds and Mitigations\n\nCustomers running IBM Cloud Kubernetes Service clusters at versions 1.14 and later that have been _upgraded from version 1.13 or earlier_, are encouraged to follow the [Kubernetes default RBAC policies for unauthenticated users](<https://cloud.ibm.com/docs/containers?topic=containers-cs_versions#114_after> \"\" ) post-upgrade migration action. Doing so helps mitigate which users are able to exploit a vulnerability like this. Clusters created at versions 1.14 or later already have these more secure defaults.\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Kubernetes Security Announcement for CVE-2019-11254](<https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc>)\n\n[Kubernetes Security Announcement for CVE-2020-8552](<https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nDD MMM 2019: Original version published \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJTBP\",\"label\":\"IBM Cloud Kubernetes Service\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-30T15:31:00", "type": "ibm", "title": "Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2019-11254, CVE-2020-8552)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11254", "CVE-2020-8552"], "modified": "2020-04-30T15:31:00", "id": "DFB983A046BDA51570751B63D3E7958952635B04A7122D346F824D918258AC44", "href": "https://www.ibm.com/support/pages/node/6203780", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:54:39", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8551](<https://vulners.com/cve/CVE-2020-8551>) \n** DESCRIPTION: **Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8552](<https://vulners.com/cve/CVE-2020-8552>) \n** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPI Connect| V2018.4.1.0-2018.4.1.10 \n \n## Remediation/Fixes\n\n## \n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.10\n\n| 2018.4.1.11| LI81564| \n\nAddressed in IBM API Connect V2018.4.1.11.\n\nAll components are impacted. Only ova deployments are impacted.\n\nFollow this link and find the packages for ova deployment.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.10&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-22T15:47:43", "type": "ibm", "title": "Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8551", "CVE-2020-8552"], "modified": "2020-06-22T15:47:43", "id": "AAA1E7F7408D13B0908F8A20B8978B0936350FAEE4F29868B5F998116F3084A0", "href": "https://www.ibm.com/support/pages/node/6234196", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:50:31", "description": "## Summary\n\nIBM Cloud Private is vulnerable to Kubernetes vulnerabilities \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, the defect fixes for Kubernetes require an update to the Kubernetes version. The ICP 3.2.2 fixpack updates Kubernetes from version 1.13.12 to 1.16.13 and includes defect fixes. The procedure is to first upgrade an ICP 3.2.1 deployment to ICP 3.2.1.2003 or newer. Then, you can apply the 3.2.2.2008 fix pack.\n\n * [IBM Cloud Private 3.2.1.2008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2008-build559105-39042&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2008\" )\n * [IBM Cloud Private 3.2.2.2008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2008-build559106-39079&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2008\" )\n\nFor IBM Cloud Private 3.2.2, apply Aug fix pack:\n\n * [IBM Cloud Private 3.2.2.2008](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2008-build559106-39079&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2008\" )\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2.2008. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-28T20:01:40", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8557, CVE-2020-8559)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8557", "CVE-2020-8559"], "modified": "2020-09-28T20:01:40", "id": "7EFA8759BCB67152DFF685CC5F49F4CC4107BCB1CB0D5A99E4341CAC1F608251", "href": "https://www.ibm.com/support/pages/node/6338779", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:50:06", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPI Connect| API Connect V2018.4.1.0-V2018.4.1.12 \nAPI Connect| API Connect V10.0.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM API Connect V2018.4.1.0-V2018.4.1.12 \n\n\n| \n\nIBM API Connect V2018.4.1.13\n\n| \n\nLI81762\n\n| \n\nAddressed in IBM API Connect V2018.4.1.13.\n\nAll OVA components are impacted.\n\nFollow this link and find the image appropriate for your installation.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.12&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \nIBM API Connect \n\nV10.0.0\n\n| \n\nIBM API Connect \n\nV10.0.1\n\n| \n\nLI81762\n\n| \n\nAddressed in IBM API Connect V10.0.1 \n \nAll OVA components are impacted. \n \nFollow this link and find the image appropriate OVA image for your installation.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<https://www.ibm.com/support/pages/node/6339249> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-08T01:32:33", "type": "ibm", "title": "Security Bulletin: API Connect is vulnerable to denial of service via Kubernetes (CVE-2020-8557, CVE-2020-8559)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8557", "CVE-2020-8559"], "modified": "2020-10-08T01:32:33", "id": "2B29E722CD7842746B86A41D74A03ECFD764A2734D5BE6FAAE9F2F3E29DF2040", "href": "https://www.ibm.com/support/pages/node/6344297", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:39:54", "description": "## Summary\n\nIBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Standard.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-27191](<https://vulners.com/cve/CVE-2022-27191>) \n** DESCRIPTION: **Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11841](<https://vulners.com/cve/CVE-2019-11841>) \n** DESCRIPTION: **Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160985](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160985>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Standard \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix5&source=SAR> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:14:53", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11841", "CVE-2022-27191"], "modified": "2023-02-14T21:14:53", "id": "25F4EF01BF6E7BCCF214F4B93E40309E5EC3B67C46758623AC344F3D3341C33A", "href": "https://www.ibm.com/support/pages/node/6833262", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T17:40:03", "description": "## Summary\n\nIBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-27191](<https://vulners.com/cve/CVE-2022-27191>) \n** DESCRIPTION: **Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11841](<https://vulners.com/cve/CVE-2019-11841>) \n** DESCRIPTION: **Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160985](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160985>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below. \n\nProduct \n\n| \n\nVersion \n\n| \n\nDefect \n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM CICS TX Advanced \n\n| \n\n11.1\n\n| \n\n127799\n\n| \n\n[Download the fix from here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix5&source=SAR&function=fixId&parent=ibm/Other%20software> \"Download the fix from here\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-14T21:04:36", "type": "ibm", "title": "Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11841", "CVE-2022-27191"], "modified": "2023-02-14T21:04:36", "id": "3B0D8ACB4B5B2255EF9DEA45EAD9EA39000AEC094741C7FC25293C12152020E1", "href": "https://www.ibm.com/support/pages/node/6833264", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T17:39:32", "description": "## Summary\n\nCVE-2018-1099, CVE-2018-1098 related to etcd package may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Standard| All \n \n\n\n## Remediation/Fixes\n\nIBM recommends you apply these fixes. \n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM CICS TX Standard| 11.1| Updated packages related to etcd are built with an IFIX and IFIX is made available on Fix Central| \n\n_Linux: [Fix Central Link](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix6&source=SAR> \"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix6&source=SAR\" )_ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-24T13:14:12", "type": "ibm", "title": "Security Bulletin: CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Standard", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099"], "modified": "2023-02-24T13:14:12", "id": "D6303D5529B1E857A3994EC4D24E166980135EA8F90D5FFBEDE55DA7C1C1B872", "href": "https://www.ibm.com/support/pages/node/6958082", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:39:33", "description": "## Summary\n\nCVE-2018-1099, CVE-2018-1098 related to etcd package may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-1099](<https://vulners.com/cve/CVE-2018-1099>) \n** DESCRIPTION: **etcd could allow a remote attacker to gain access to the DNS records, caused by a DNS rebinding. An attacker could exploit this vulnerability to rebind DNS records. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2018-1098](<https://vulners.com/cve/CVE-2018-1098>) \n** DESCRIPTION: **etcd is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141542](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141542>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM CICS TX Advanced| 11.1 \n \n\n\n## Remediation/Fixes\n\nIBM recommends you apply these fixes. \n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nIBM CICS TX Advanced| 11.1| Updated packages related to etcd are built with an IFIX and IFIX is made available on Fix Central| \n\n_Linux: [Fix Central Link](<https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix6&source=SAR> \"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-advanced-image-11.1.0.0-ifix6&source=SAR\" )_ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-02-24T13:11:38", "type": "ibm", "title": "Security Bulletin: CVE-2018-1099, CVE-2018-1098 may affect IBM CICS TX Advanced", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099"], "modified": "2023-02-24T13:11:38", "id": "B8931EA27BDD2F0F7419770C5E03F1B77C3A1F8EAE1CF9FDF6DD57BAB1642DFE", "href": "https://www.ibm.com/support/pages/node/6958080", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:44:36", "description": "## Summary\n\nMuiltiple vulnerabilities in Kubernetes that is used by IBM InfoSphere Information Server are addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n**DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n**DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-8555](<https://vulners.com/cve/CVE-2020-8555>) \n**DESCRIPTION: **Kubernetes is vulnerable to server-side request forgery, caused by a flaw in the kube-controller-manager. By using a specially-crafted argument, a remote authenticated attacker could exploit this vulnerability to conduct SSRF attack to leak up to 500 bytes of arbitrary information from unprotected endpoints. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-8553](<https://vulners.com/cve/CVE-2020-8553>) \n**DESCRIPTION: **Kubernetes ingress-nginx could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the annotation nginx.ingress.kubernetes.io/auth-type: basic is used. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a new Ingress definition and replace the password file. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186050>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[CVE-2018-1002102](<https://vulners.com/cve/CVE-2018-1002102>) \n**DESCRIPTION: **Kubernetes API server could allow a remote authenticated attacker to conduct phishing attacks, caused by an improper validation of URL redirection. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 2.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-8558](<https://vulners.com/cve/CVE-2020-8558>) \n**DESCRIPTION: **Kubernetes kube-proxy could allow a remote attacker to bypass security restrictions, caused by a default insecure port setting. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to TCP and UDP services on the node(s) which are bound to 127.0.0.1. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184769](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184769>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**Third Party Entry: **182747 \n**DESCRIPTION: **Kubernetes kubelet man-in-the-middle \nCVSS Base score: 6 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/182747 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182747>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server with microservices tier | 11.7 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR63311](<http://www.ibm.com/support/docview.wss?uid=swg1JR63311> \"JR63311\" )\n\n| \n\n\\--Apply InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/docview.wss?uid=ibm10878310> \"11.7.1.0\" ) \n\\--Apply Information Server [11.7.1.0 Fix Pack 1](<https://www.ibm.com/support/pages/node/6209196> \"11.7.1.0 Fix Pack 1\" ) \n\\--Apply Information Server [11.7.1.1 Service Pack 1](<https://www.ibm.com/support/pages/node/6438057> \"11.7.1.1 Service Pack 1??\" ) \n\n\nFor Red Hat 8 installations, contact IBM Customer support. \n \n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/> \"contacts for other countries\" ) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html> \"open a Service Request\" ) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-01T20:53:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002102", "CVE-2020-8553", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8558", "CVE-2020-8559"], "modified": "2021-04-01T20:53:50", "id": "3F638ACF3062BBAD408A6AB90AB722B2B647D1C82052603A0DF945EFCF2A52C8", "href": "https://www.ibm.com/support/pages/node/6436589", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:47:29", "description": "## Summary\n\nMultiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-5736](<https://vulners.com/cve/CVE-2019-5736>) \n** DESCRIPTION: **runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156819](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-1002105](<https://vulners.com/cve/CVE-2018-1002105>) \n** DESCRIPTION: **In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/153638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/153638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2019-9946](<https://vulners.com/cve/CVE-2019-9946>) \n** DESCRIPTION: **Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158803](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158803>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11250](<https://vulners.com/cve/CVE-2019-11250>) \n** DESCRIPTION: **The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-9513](<https://vulners.com/cve/CVE-2019-9513>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9511](<https://vulners.com/cve/CVE-2019-9511>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9515](<https://vulners.com/cve/CVE-2019-9515>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165181](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165181>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9516](<https://vulners.com/cve/CVE-2019-9516>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165182](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165182>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-9518](<https://vulners.com/cve/CVE-2019-9518>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11251](<https://vulners.com/cve/CVE-2019-11251>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in &amp;#96;kubectl cp&amp;#96; that allows a combination of two symlinks to copy a file outside of its destination directory. An attacker could exploit this vulnerability to write arbitrary files outside of the destination tree. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168617](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168617>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2019-11253](<https://vulners.com/cve/CVE-2019-11253>) \n** DESCRIPTION: **Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-10223](<https://vulners.com/cve/CVE-2019-10223>) \n** DESCRIPTION: **A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165077](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165077>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-17110](<https://vulners.com/cve/CVE-2019-17110>) \n** DESCRIPTION: **** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-10223. Reason: This candidate is a duplicate of CVE-2019-10223. Notes: All CVE users should reference CVE-2019-10223 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168365>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-11248](<https://vulners.com/cve/CVE-2019-11248>) \n** DESCRIPTION: **The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-11246](<https://vulners.com/cve/CVE-2019-11246>) \n** DESCRIPTION: **The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user?s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user?s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162892](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162892>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Studio - Local| 1.2.3 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Watson Studio Local| 2.1| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \nIBM Cloud Pak for Data| 2.5| <https://www.ibm.com/software/passportadvantage/pao_customer.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T13:53:35", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002105", "CVE-2019-10223", "CVE-2019-11246", "CVE-2019-11248", "CVE-2019-11250", "CVE-2019-11251", "CVE-2019-11253", "CVE-2019-17110", "CVE-2019-5736", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518", "CVE-2019-9946"], "modified": "2019-12-20T13:53:35", "id": "731A6DDD5325438B0FCA3D1B2CA7C8881C1A425221911E3EF5FB3283E134B7EA", "href": "https://www.ibm.com/support/pages/node/1143454", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T21:46:06", "description": "## Summary\n\nIBM Cloud Private is vulnerable to Kubernetes vulnerabilities\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8566](<https://vulners.com/cve/CVE-2020-8566>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when Ceph RBD volumes are supported and kube-controller-manager is using logLevel &gt;= 4. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Ceph RBD Admin secrets, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189926](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189926>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &gt;= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8563](<https://vulners.com/cve/CVE-2020-8563>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when using VSphere provider and kube-controller-manager is using logLevel &gt;= 4. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the VSphere Cloud credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189923](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189923>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel &gt;= 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\n \n\n\nFor IBM Cloud Private 3.2.1, the defect fixes for Kubernetes requires an update to the Kubernetes version. First apply the 3.2.1.2003 fix pack and then apply either the 3.2.2.2006 fixpack or the 3.2.2.2008 fixpack. Then apply the 3.2.2.2012 fixpack. The 3.2.2.2006 or the 3.2.2.2008 fixpack updates Kubernetes from version 1.13.12 to 1.16.7. The 3.2.2.2012 updates Kubernetes from version 1.16.7 to 1.19\n\n * [IBM Cloud Private 3.2.1.2003](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2003-build547202-36013&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2003\" )\n * [IBM Cloud Private 3.2.2.2006](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2006-build553613-35974&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2006\" )\n * [IBM Cloud Private 3.2.2.2008](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2008-build559106-39079&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2008\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2012](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2012-build600195-41237&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2012\" )\n\n \n\n\nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-26T15:42:42", "type": "ibm", "title": "Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8566, CVE-2020-8565, CVE-2020-8563, CVE-2020-8564)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8563", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-8566"], "modified": "2021-02-26T15:42:42", "id": "2109EE38CC99E12F1008F0089F99297042E319B9C664BA1539651C0E4D69336F", "href": "https://www.ibm.com/support/pages/node/6417487", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-25T14:11:30", "description": "## Summary\n\nVulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8566](<https://vulners.com/cve/CVE-2020-8566>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when Ceph RBD volumes are supported and kube-controller-manager is using logLevel &amp;gt;&amp;#61; 4. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Ceph RBD Admin secrets, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189926](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189926>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8565](<https://vulners.com/cve/CVE-2020-8565>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel &amp;gt;&amp;#61; 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8563](<https://vulners.com/cve/CVE-2020-8563>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when using VSphere provider and kube-controller-manager is using logLevel &amp;gt;&amp;#61; 4. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the VSphere Cloud credentials, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189923](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189923>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8564](<https://vulners.com/cve/CVE-2020-8564>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when pull secrets are stored in a Docker config file and loglevel &amp;gt;&amp;#61; 4. By gaining access to the configuration files, an attacker could exploit this vulnerability to obtain full secrets or other credentials in docker, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189924](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189924>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-21285](<https://vulners.com/cve/CVE-2021-21285>) \n** DESCRIPTION: **Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could exploit this vulnerability to cause the dockerd daemon to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196049](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196049>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-21284](<https://vulners.com/cve/CVE-2021-21284>) \n** DESCRIPTION: **Docker could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using the --userns-remap option. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root on the system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26137](<https://vulners.com/cve/CVE-2020-26137>) \n** DESCRIPTION: **urllib3 is vulnerable to CRLF injection. By inserting CR and LF control characters in the first argument of putrequest(), a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189426>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-15187](<https://vulners.com/cve/CVE-2020-15187>) \n** DESCRIPTION: **Helm could allow a remote authenticated attacker to bypass security restrictions, caused by an issue with containing duplicates of the same entry in the plugin.yaml file. By sending a specially-crafted input, an attacker could exploit this vulnerability to modify a plugin&amp;#39;s install hooks to perform a local execution attack.. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188456](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188456>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-15186](<https://vulners.com/cve/CVE-2020-15186>) \n** DESCRIPTION: **Helm could allow a remote attacker to bypass security restrictions, caused by improper input valuation by the plugin names. By sending a specially-crafted input, an attacker could exploit this vulnerability to duplicate the name of another plugin or spoofing the output to helm --help. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188455>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-15185](<https://vulners.com/cve/CVE-2020-15185>) \n** DESCRIPTION: **Helm could allow a remote authenticated attacker to bypass security restrictions, caused by an issue with allowing duplicates of the same chart entry in the repository index file. By sending a specially-crafted input, an attacker could exploit this vulnerability to inject a bad chart into a repository. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188454](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188454>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-15184](<https://vulners.com/cve/CVE-2020-15184>) \n** DESCRIPTION: **Helm could allow a remote attacker to bypass security restrictions, caused by improper input valuation by the alias field on a Chart.yaml. By sending a specially-crafted input, an attacker could exploit this vulnerability to inject unwanted information into a chart. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188453](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188453>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-8553](<https://vulners.com/cve/CVE-2020-8553>) \n** DESCRIPTION: **Kubernetes ingress-nginx could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the annotation nginx.ingress.kubernetes.io/auth-type: basic is used. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a new Ingress definition and replace the password file. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186050](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186050>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-8557](<https://vulners.com/cve/CVE-2020-8557>) \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating ephemeral storage usage. By writing a large amount of data to the /etc/hostsfile, a local authenticated attacker could exploit this vulnerability to fill the storage space of the node and cause the node to fail. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8559](<https://vulners.com/cve/CVE-2020-8559>) \n** DESCRIPTION: **Kubernetes kube-apiserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when multiple clusters share the same certificate authority trusted by the client. By intercepting certain requests and sending a redirect response, an attacker could exploit this vulnerability to compromise other nodes. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26116](<https://vulners.com/cve/CVE-2020-26116>) \n** DESCRIPTION: **Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-8555](<https://vulners.com/cve/CVE-2020-8555>) \n** DESCRIPTION: **Kubernetes is vulnerable to server-side request forgery, caused by a flaw in the kube-controller-manager. By using a specially-crafted argument, a remote authenticated attacker could exploit this vulnerability to conduct SSRF attack to leak up to 500 bytes of arbitrary information from unprotected endpoints. \nCVSS Base score: 3.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2018-1002102](<https://vulners.com/cve/CVE-2018-1002102>) \n** DESCRIPTION: **Kubernetes API server could allow a remote authenticated attacker to conduct phishing attacks, caused by an improper validation of URL redirection. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base score: 2.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-11255](<https://vulners.com/cve/CVE-2019-11255>) \n** DESCRIPTION: **kubernetes-csi external-provisioner, external-snapshotter, and external-resizer could allow a remote attacker to bypass security restrictions, caused by a flaw when using CSI volume snapshot, cloning or resizing features in Kubernetes. By sending a specially-crafted request, an attacker could exploit this vulnerability to access or mutate unauthorized volume data. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/171570](<https://exchange.xforce.ibmcloud.com/vulnerabilities/171570>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-11252](<https://vulners.com/cve/CVE-2019-11252>) \n** DESCRIPTION: **Kubernetes kube-controller-manager could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of user credentials in error messages in the mount failure logs and events for AzureFile and CephFS volumes. By gaining access to the log files, an attacker could exploit this vulnerability to obtain user credentials. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-8558](<https://vulners.com/cve/CVE-2020-8558>) \n** DESCRIPTION: **Kubernetes kube-proxy could allow a remote attacker to bypass security restrictions, caused by a default insecure port setting. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to TCP and UDP services on the node(s) which are bound to 127.0.0.1. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184769](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184769>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-25659](<https://vulners.com/cve/CVE-2020-25659>) \n** DESCRIPTION: **python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192485](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192485>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** Third Party Entry: **182747 \n** DESCRIPTION: **Kubernetes kubelet is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue router advertisements, an attacker could exploit this vulnerability using man-in-the-middle techniques to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/182747 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182747>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSpectrum Discover| 2.0.3 - 2.0.4 \n \n\n\n## Remediation/Fixes\n\nInstalled versions of Spectrum Discover (2.0.2.0, 2.0.2.1, 2.0.3.0, 2.0.3.1, 2.0.3.2, 2.0.3.3, 2.0.4) can be upgraded to fixed version using the [IBM Spectrum Discover 2.0.3.4 upgrader](<https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=Storage_isd-upgrader-2.0.3.4&continue=1> \"IBM Spectrum Discover 2.0.3.4 upgrader\" ) and [IBM Spectrum Discover 2.0.4.1 upgrader](<https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=Storage_isd-upgrader-2.0.4.1&continue=1> \"IBM Spectrum Discover 2.0.4.1 upgrader\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-13T16:56:10", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1002102", "CVE-2019-11252", "CVE-2019-11255", "CVE-2020-15184", "CVE-2020-15185", "CVE-2020-15186", "CVE-2020-15187", "CVE-2020-25659", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-8553", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8558", "CVE-2020-8559", "CVE-2020-8563", "CVE-2020-8564", "CVE-2020-8565", "CVE-2020-8566", "CVE-2021-21284", "CVE-2021-21285"], "modified": "2021-05-13T16:56:10", "id": "E9A8C23824FEB3CF54C07A25B19E265D1905F763E9CC29B4410E2EC85F28EE49", "href": "https://www.ibm.com/support/pages/node/6452959", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-03-14T17:31:30", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-03-28T00:00:00", "type": "openvas", "title": "Fedora Update for golang-googlecode-net FEDORA-2019-07d447a1d3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17847", "CVE-2018-17075", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17848", "CVE-2018-17142"], "modified": "2019-04-02T00:00:00", "id": "OPENVAS:1361412562310875517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875517", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875517\");\n script_version(\"2019-04-02T06:16:35+0000\");\n script_cve_id(\"CVE-2018-17143\", \"CVE-2018-17142\", \"CVE-2018-17075\", \"CVE-2018-17846\",\n \"CVE-2018-17847\", \"CVE-2018-17848\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-04-02 06:16:35 +0000 (Tue, 02 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-28 13:53:39 +0000 (Thu, 28 Mar 2019)\");\n script_name(\"Fedora Update for golang-googlecode-net FEDORA-2019-07d447a1d3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-07d447a1d3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LREEWY6KNLHRWFZ7OT4HVLMVVCGGUHON\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'golang-googlecode-net' package(s) announced via the FEDORA-2019-07d447a1d3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Supplementary Go networking libraries\");\n\n script_tag(name:\"affected\", value:\"'golang-googlecode-net' package(s) on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC28\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-googlecode-net\", rpm:\"golang-googlecode-net~0~0.48.20190302git16b79f2.fc28\", rls:\"FC28\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T17:31:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for golang-googlecode-net FEDORA-2019-07e8e806e0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17847", "CVE-2018-17075", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17848", "CVE-2018-17142"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876004", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876004\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-17143\", \"CVE-2018-17142\", \"CVE-2018-17075\", \"CVE-2018-17846\", \"CVE-2018-17847\", \"CVE-2018-17848\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:31:15 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for golang-googlecode-net FEDORA-2019-07e8e806e0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-07e8e806e0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKRCI7WIOCOCD3H7NXWRGIRABTQOZOBK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang-googlecode-net'\n package(s) announced via the FEDORA-2019-07e8e806e0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Supplementary Go networking libraries\");\n\n script_tag(name:\"affected\", value:\"'golang-googlecode-net' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-googlecode-net\", rpm:\"golang-googlecode-net~0~0.49.20190302git16b79f2.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-09T14:46:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "openvas", "title": "Fedora Update for kubernetes FEDORA-2019-2b8ef08c95", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11249", "CVE-2019-11247", "CVE-2019-11246", "CVE-2019-11250", "CVE-2019-1002101", "CVE-2019-11248"], "modified": "2019-09-09T00:00:00", "id": "OPENVAS:1361412562310876720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876720", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876720\");\n script_version(\"2019-09-09T06:54:37+0000\");\n script_cve_id(\"CVE-2019-11250\", \"CVE-2019-1002101\", \"CVE-2019-11248\", \"CVE-2019-11249\", \"CVE-2019-11246\", \"CVE-2019-11247\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-09 06:54:37 +0000 (Mon, 09 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-27 02:32:41 +0000 (Tue, 27 Aug 2019)\");\n script_name(\"Fedora Update for kubernetes FEDORA-2019-2b8ef08c95\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-2b8ef08c95\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kubernetes'\n package(s) announced via the FEDORA-2019-2b8ef08c95 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Container cluster management\");\n\n script_tag(name:\"affected\", value:\"'kubernetes' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kubernetes\", rpm:\"kubernetes~1.15.2~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for etcd FEDORA-2019-219b0b0b6a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16886", "CVE-2018-1099", "CVE-2018-1098"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876238", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876238\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16886\", \"CVE-2018-1098\", \"CVE-2018-1099\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:40:10 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for etcd FEDORA-2019-219b0b0b6a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-219b0b0b6a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'etcd'\n package(s) announced via the FEDORA-2019-219b0b0b6a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A highly-available key value store for shared configuration.\");\n\n script_tag(name:\"affected\", value:\"'etcd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"etcd\", rpm:\"etcd~3.3.12~4.20190413gitf29b1ad.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "Supplementary Go networking libraries ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-03-25T05:29:22", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: golang-googlecode-net-0-0.48.20190302git16b79f2.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17075", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848"], "modified": "2019-03-25T05:29:22", "id": "FEDORA:971BC602F0E3", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "Supplementary Go networking libraries ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-03-25T06:08:55", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: golang-googlecode-net-0-0.49.20190302git16b79f2.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17075", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848"], "modified": "2019-03-25T06:08:55", "id": "FEDORA:E5A7E60321B6", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T18:41:38", "description": "Container cluster management ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 8.2, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2019-08-26T00:53:13", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: kubernetes-1.15.2-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11250"], "modified": "2019-08-26T00:53:13", "id": "FEDORA:AB57A605B47C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "A highly-available key value store for shared configuration. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-13T00:09:57", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: etcd-3.3.12-1.20190314gite1ca3b4.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886"], "modified": "2019-04-13T00:09:57", "id": "FEDORA:9BE4060C9AB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "A highly-available key value store for shared configuration. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-06T04:15:25", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: etcd-3.3.12-4.20190413gitf29b1ad.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886"], "modified": "2019-05-06T04:15:25", "id": "FEDORA:8C784605291B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "OpenShift Origin is a distribution of Kubernetes optimized for enterprise a pplication development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and l arge teams and applications. It provides a secure and multi-tenant configuration for Kubernetes allowing you to safely host many different applications and work loads on a unified cluster. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-24T01:15:02", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: origin-3.11.2-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8555", "CVE-2020-8945"], "modified": "2020-07-24T01:15:02", "id": "FEDORA:DC71F30AD93F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:40", "description": " Distributed reliable key-value store for the most critical data of a distri buted system. ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-01-04T01:18:15", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: etcd-3.4.13-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", "CVE-2020-15115", "CVE-2020-15136"], "modified": "2021-01-04T01:18:15", "id": "FEDORA:54FA7304C374", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-24T14:09:42", "description": "Bump to commit 16b79f2e4e95ea23b2bf9903c9809ff7b013ce85 Security fixes for CVE-2018-17143, CVE-2018-17142, CVE-2018-17075, CVE-2018-17846, CVE-2018-17847, CVE-2018-17848\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-03-25T00:00:00", "type": "nessus", "title": "Fedora 28 : golang-googlecode-net (2019-07d447a1d3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17075", "CVE-2018-17142", "CVE-2018-17143", "CVE-2018-17846", "CVE-2018-17847", "CVE-2018-17848"], "modified": "2020-02-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang-googlecode-net", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-07D447A1D3.NASL", "href": "https://www.tenable.com/plugins/nessus/123033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-07d447a1d3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123033);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/03\");\n\n script_cve_id(\"CVE-2018-17075\", \"CVE-2018-17142\", \"CVE-2018-17143\", \"CVE-2018-17846\", \"CVE-2018-17847\", \"CVE-2018-17848\");\n script_xref(name:\"FEDORA\", value:\"2019-07d447a1d3\");\n\n script_name(english:\"Fedora 28 : golang-googlecode-net (2019-07d447a1d3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bump to commit 16b79f2e4e95ea23b2bf9903c9809ff7b013ce85 Security fixes\nfor CVE-2018-17143, CVE-2018-17142, CVE-2018-17075, CVE-2018-17846,\nCVE-2018-17847, CVE-2018-17848\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-07d447a1d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang-googlecode-net package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang-googlecode-net\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"golang-googlecode-net-0-0.48.20190302git16b79f2.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang-googlecode-net\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:28:07", "description": "Update to v1.15.2 + carry upstream #81330\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-26T00:00:00", "type": "nessus", "title": "Fedora 30 : kubernetes (2019-2b8ef08c95)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249", "CVE-2019-11250"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kubernetes", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-2B8EF08C95.NASL", "href": "https://www.tenable.com/plugins/nessus/128127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-2b8ef08c95.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128127);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-1002101\", \"CVE-2019-11246\", \"CVE-2019-11247\", \"CVE-2019-11248\", \"CVE-2019-11249\", \"CVE-2019-11250\");\n script_xref(name:\"FEDORA\", value:\"2019-2b8ef08c95\");\n\n script_name(english:\"Fedora 30 : kubernetes (2019-2b8ef08c95)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to v1.15.2 + carry upstream #81330\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2b8ef08c95\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kubernetes package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kubernetes-1.15.2-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:30", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.9.102.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* atomic-openshift: OpenShift builds don't verify SSH Host Keys for the Git repository (CVE-2019-10150)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-10150", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11251", "CVE-2019-11253"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3811.NASL", "href": "https://www.tenable.com/plugins/nessus/130747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3811. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130747);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-10150\", \"CVE-2019-11249\", \"CVE-2019-11251\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3811\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat\nOpenShift Container Platform 3.9.102.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* atomic-openshift: OpenShift builds don't verify SSH Host Keys for\nthe Git repository (CVE-2019-10150)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and\nCVE-2019-11246, kubectl cp potential directory traversal\n(CVE-2019-11249)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double\nsymlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11249\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3811\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-cluster-capacity-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-cluster-capacity-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-federation-services-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-federation-services-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-service-catalog-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-service-catalog-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.9.102-1.git.0.6411f52.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.9.102-1.git.0.6411f52.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:56", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11252", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559"], "modified": "2020-09-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0142_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/140706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0142. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140706);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\n \"CVE-2019-11252\",\n \"CVE-2020-8555\",\n \"CVE-2020-8557\",\n \"CVE-2020-8559\"\n );\n\n script_name(english:\"Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-142.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-kubeadm-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-kubectl-extras-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-pause-1.17.11-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kubernetes');\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:08:26", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Kubernetes PHSA-2020-2.0-0285", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11252", "CVE-2020-8555", "CVE-2020-8557", "CVE-2020-8559"], "modified": "2020-09-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0285_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/140715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0285. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140715);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\n \"CVE-2019-11252\",\n \"CVE-2020-8555\",\n \"CVE-2020-8557\",\n \"CVE-2020-8559\"\n );\n\n script_name(english:\"Photon OS 2.0: Kubernetes PHSA-2020-2.0-0285\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-285.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-kubeadm-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-kubectl-extras-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-pause-1.17.11-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kubernetes');\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:10", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal (CVE-2019-11249)\n\n* kube-apiserver: DoS with crafted patch of type json-patch (CVE-2019-1002100)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002100", "CVE-2019-1002101", "CVE-2019-11246", "CVE-2019-11249", "CVE-2019-11253"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3239.NASL", "href": "https://www.tenable.com/plugins/nessus/130384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3239. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130384);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-1002100\", \"CVE-2019-11249\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3239\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.10.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: Incomplete fixes for CVE-2019-1002101 and\nCVE-2019-11246, kubectl cp potential directory traversal\n(CVE-2019-11249)\n\n* kube-apiserver: DoS with crafted patch of type json-patch\n(CVE-2019-1002100)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-1002100\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11249\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3239\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.10.181-1.git.0.3ab4b3d.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:01", "description": "CVE-2019-11840\n\nAn issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.\n\nCVE-2019-11841\n\nA message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries. The 'Hash' Armor Header specifies the message digest algorithm(s) used for the signature. Since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.\n\nCVE-2020-9283\n\ngolang.org/x/crypto allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.\n\nFor Debian 9 stretch, these problems have been fixed in version 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\nFor the detailed security status of golang-go.crypto please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-go.crypto\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Debian DLA-2402-1 : golang-go.crypto security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11840", "CVE-2019-11841", "CVE-2020-9283"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:golang-go.crypto-dev", "p-cpe:/a:debian:debian_linux:golang-golang-x-crypto-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2402.NASL", "href": "https://www.tenable.com/plugins/nessus/141271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2402-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141271);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2019-11840\", \"CVE-2019-11841\", \"CVE-2020-9283\");\n\n script_name(english:\"Debian DLA-2402-1 : golang-go.crypto security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CVE-2019-11840\n\nAn issue was discovered in supplementary Go cryptography libraries,\naka golang-googlecode-go-crypto. If more than 256 GiB of keystream is\ngenerated, or if the counter otherwise grows greater than 32 bits, the\namd64 implementation will first generate incorrect output, and then\ncycle back to previously generated keystream. Repeated keystream bytes\ncan lead to loss of confidentiality in encryption applications, or to\npredictability in CSPRNG applications.\n\nCVE-2019-11841\n\nA message-forgery issue was discovered in\ncrypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography\nlibraries. The 'Hash' Armor Header specifies the message digest\nalgorithm(s) used for the signature. Since the library skips Armor\nHeader parsing in general, an attacker can not only embed arbitrary\nArmor Headers, but also prepend arbitrary text to cleartext messages\nwithout invalidating the signatures.\n\nCVE-2020-9283\n\ngolang.org/x/crypto allows a panic during signature verification in\nthe golang.org/x/crypto/ssh package. A client can attack an SSH server\nthat accepts public keys. Also, a server can attack any SSH client.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1.\n\nWe recommend that you upgrade your golang-go.crypto packages.\n\nFor the detailed security status of golang-go.crypto please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/golang-go.crypto\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/golang-go.crypto\"\n );\n # https://security-tracker.debian.org/tracker/source-package/golang-go.crypto\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e94138e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11841\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-go.crypto-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-golang-x-crypto-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"golang-go.crypto-dev\", reference:\"1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"golang-golang-x-crypto-dev\", reference:\"1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:22", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2479 advisory.\n\n - libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions (CVE-2017-18367)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-19T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2020:2479)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18367", "CVE-2019-11254", "CVE-2020-8555"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests"], "id": "REDHAT-RHSA-2020-2479.NASL", "href": "https://www.tenable.com/plugins/nessus/137668", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2479. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137668);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2017-18367\", \"CVE-2019-11254\", \"CVE-2020-8555\");\n script_xref(name:\"RHSA\", value:\"2020:2479\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2020:2479)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2479 advisory.\n\n - libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access\n restrictions (CVE-2017-18367)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret\n information (CVE-2020-8555)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1706826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1821583\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18367\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 305, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'atomic-openshift-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-clients-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-clients-redistributable-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-docker-excluder-3.11.232-1.git.0.a5bc32f.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-excluder-3.11.232-1.git.0.a5bc32f.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-hyperkube-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-hypershift-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-master-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-node-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-pod-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-sdn-ovs-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-template-service-broker-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-tests-3.11.232-1.git.0.a5bc32f.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'atomic-openshift / atomic-openshift-clients / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:20", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Kubernetes PHSA-2020-3.0-0084", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11250", "CVE-2019-11251", "CVE-2020-8552"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0084_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/136099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0084. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136099);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-11250\", \"CVE-2019-11251\", \"CVE-2020-8552\");\n\n script_name(english:\"Photon OS 3.0: Kubernetes PHSA-2020-3.0-0084\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-84.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11251\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"kubernetes-1.12\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-1.12.10-3.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-1.14\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-1.14.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-debuginfo-1.12.10-3.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.12\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.12.10-3.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.14\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.14.10-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.12\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.12.10-3.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.14\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.14.10-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.12\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.12.10-3.ph3\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.14\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.14.10-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:05:00", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Kubernetes PHSA-2020-2.0-0229", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11250", "CVE-2019-11251", "CVE-2020-8552"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0229_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/135869", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0229. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135869);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-11250\", \"CVE-2019-11251\", \"CVE-2020-8552\");\n\n script_name(english:\"Photon OS 2.0: Kubernetes PHSA-2020-2.0-0229\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-229.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11251\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11250\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"kubernetes-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-1.12.10-3.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-1.13.12-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-1.14.10-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-debuginfo-1.12.10-3.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.12.10-3.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.13.12-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubeadm-1.14.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.12.10-3.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.13.12-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-kubectl-extras-1.14.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.12.10-3.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.13.12-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"kubernetes-pause-1.14.10-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-16T00:39:11", "description": "Bump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix for CVE-2018-16886 Security fix for CVE-2018-1098 CVE-2018-1099\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-02T00:00:00", "type": "nessus", "title": "Fedora 30 : etcd (2019-833466697f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:etcd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-833466697F.NASL", "href": "https://www.tenable.com/plugins/nessus/124512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-833466697f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124512);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-1098\", \"CVE-2018-1099\", \"CVE-2018-16886\");\n script_xref(name:\"FEDORA\", value:\"2019-833466697f\");\n\n script_name(english:\"Fedora 30 : etcd (2019-833466697f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix\nfor CVE-2018-16886 Security fix for CVE-2018-1098 CVE-2018-1099\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-833466697f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected etcd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16886\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"etcd-3.3.12-1.20190314gite1ca3b4.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"etcd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T00:39:07", "description": "etcd.service: do not pass command line flags already defined in environment\n\n----\n\nFix building of etcd\n\n----\n\nBump to commit f29b1ada19713544b698dab8c94c97cfa1e83dac\n\n----\n\nBump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix for CVE-2018-16886 Security fix for CVE-2018-1098 CVE-2018-1099\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Fedora 29 : etcd (2019-219b0b0b6a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1098", "CVE-2018-1099", "CVE-2018-16886"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:etcd", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-219B0B0B6A.NASL", "href": "https://www.tenable.com/plugins/nessus/124600", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-219b0b0b6a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124600);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-1098\", \"CVE-2018-1099\", \"CVE-2018-16886\");\n script_xref(name:\"FEDORA\", value:\"2019-219b0b0b6a\");\n\n script_name(english:\"Fedora 29 : etcd (2019-219b0b0b6a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"etcd.service: do not pass command line flags already defined in\nenvironment\n\n----\n\nFix building of etcd\n\n----\n\nBump to commit f29b1ada19713544b698dab8c94c97cfa1e83dac\n\n----\n\nBump to commit e1ca3b4434945e57e8e3a451cdbde74a903cc8e1 Security fix\nfor CVE-2018-16886 Security fix for CVE-2018-1098 CVE-2018-1099\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-219b0b0b6a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected etcd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16886\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"etcd-3.3.12-4.20190413gitf29b1ad.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"etcd\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-17T16:35:16", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5628-1 advisory.\n\n - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data.\n Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. (CVE-2020-15106)\n\n - In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. (CVE-2020-15112)\n\n - In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). (CVE-2020-15113)\n\n - In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. (CVE-2020-15114)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : etcd vulnerabilities (USN-5628-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:etcd", "p-cpe:/a:canonical:ubuntu_linux:etcd-client", "p-cpe:/a:canonical:ubuntu_linux:golang-etcd-server-dev", "p-cpe:/a:canonical:ubuntu_linux:etcd-server", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts"], "id": "UBUNTU_USN-5628-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165324", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5628-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165324);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-15106\",\n \"CVE-2020-15112\",\n \"CVE-2020-15113\",\n \"CVE-2020-15114\"\n );\n script_xref(name:\"USN\", value:\"5628-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : etcd vulnerabilities (USN-5628-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5628-1 advisory.\n\n - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of\n a record is stored in the length field of a WAL file and no additional validation is done on this data.\n Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the\n expense of any RAFT participant trying to decode the WAL. (CVE-2020-15106)\n\n - In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number\n of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read\n during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when\n reading the entry. (CVE-2020-15112)\n\n - In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and\n the directory path when provided to automatically generate self-signed certificates for TLS connections\n with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not\n perform any permission checks when a given directory path exists already. A possible workaround is to\n ensure the directories have the desired permission (700). (CVE-2020-15113)\n\n - In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic\n service discovery and access. However, it is possible to include the gateway address as an endpoint. This\n results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until\n there are no more available file descriptors to accept connections on the gateway. (CVE-2020-15114)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5628-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:etcd-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:etcd-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-etcd-server-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'etcd', 'pkgver': '3.2.26+dfsg-6ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'etcd-client', 'pkgver': '3.2.26+dfsg-6ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'etcd-server', 'pkgver': '3.2.26+dfsg-6ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'golang-etcd-server-dev', 'pkgver': '3.2.26+dfsg-6ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd / etcd-client / etcd-server / golang-etcd-server-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:32", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2019-10-11T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Kubernetes PHSA-2019-1.0-0252", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0252_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/129784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0252. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129784);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11246\",\n \"CVE-2019-11247\",\n \"CVE-2019-11248\",\n \"CVE-2019-11249\"\n );\n\n script_name(english:\"Photon OS 1.0: Kubernetes PHSA-2019-1.0-0252\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-252.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11248\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-debuginfo-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-kubeadm-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-kubectl-extras-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-pause-1.12.10-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:04", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Kubernetes PHSA-2019-3.0-0031", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0031_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/130125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0031. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130125);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-11246\",\n \"CVE-2019-11247\",\n \"CVE-2019-11248\",\n \"CVE-2019-11249\"\n );\n\n script_name(english:\"Photon OS 3.0: Kubernetes PHSA-2019-3.0-0031\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0031.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11248\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"kubernetes-1.12.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"kubernetes-debuginfo-1.12.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"kubernetes-kubeadm-1.12.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"kubernetes-kubectl-extras-1.12.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"kubernetes-pause-1.12.10-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:30", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Kubernetes PHSA-2019-1.0-0255", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0255_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/129682", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0255. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129682);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-11246\",\n \"CVE-2019-11247\",\n \"CVE-2019-11248\",\n \"CVE-2019-11249\"\n );\n\n script_name(english:\"Photon OS 1.0: Kubernetes PHSA-2019-1.0-0255\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-255.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11248\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-debuginfo-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-kubeadm-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-kubectl-extras-1.12.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"kubernetes-pause-1.12.10-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:42", "description": "An update for openshift is now available for Red Hat OpenShift Container Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions (CVE-2017-18367)\n\n* kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7) (CVE-2019-11250)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.1 openshift (RHSA-2019:4087)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18367", "CVE-2019-11250"], "modified": "2019-12-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-4087.NASL", "href": "https://www.tenable.com/plugins/nessus/132225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4087. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132225);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\"CVE-2017-18367\", \"CVE-2019-11250\");\n script_xref(name:\"RHSA\", value:\"2019:4087\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.1 openshift (RHSA-2019:4087)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openshift is now available for Red Hat OpenShift\nContainer Platform 4.1.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* libseccomp-golang: mishandling of multiple argument rules leading to\na bypass of intended access restrictions (CVE-2017-18367)\n\n* kubernetes: Bearer tokens written to logs at high verbosity levels\n(>= 7) (CVE-2019-11250)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11250\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openshift-clients,\nopenshift-clients-redistributable and / or openshift-hyperkube\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x / 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4087\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.27-201912021146.git.0.a40116f.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-clients-redistributable-4.1.27-201912021146.git.0.a40116f.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.27-201912021146.git.0.a40116f.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-4.1.27-201912021146.git.0.a40116f.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-clients-redistributable-4.1.27-201912021146.git.0.a40116f.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"openshift-hyperkube-4.1.27-201912021146.git.0.a40116f.el8_0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openshift-clients / openshift-clients-redistributable / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:04", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1407 advisory.\n\n - etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n - etcd: DoS in wal/wal.go (CVE-2020-15112)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "RHEL 7 : etcd (RHSA-2021:1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:etcd"], "id": "REDHAT-RHSA-2021-1407.NASL", "href": "https://www.tenable.com/plugins/nessus/149025", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1407. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149025);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-15106\", \"CVE-2020-15112\");\n script_xref(name:\"RHSA\", value:\"2021:1407\");\n\n script_name(english:\"RHEL 7 : etcd (RHSA-2021:1407)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1407 advisory.\n\n - etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n - etcd: DoS in wal/wal.go (CVE-2020-15112)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868883\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected etcd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:etcd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/extras/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/extras/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/extras/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/extras/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/os',\n 'content/dist/rhel/client/7/7Client/x86_64/extras/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/extras/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/extras/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/extras/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/os',\n 'content/dist/rhel/server/7/7Server/x86_64/extras/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/extras/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/extras/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'etcd-3.2.32-1.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'etcd-3.2.32-1.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'etcd-3.2.32-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:03:31", "description": "- Security fix for CVE-2020-8551, CVE-2020-8552, CVE-2020-8555, CVE-2020-8945\n\n - Rebase to head of usptream 3.11 branch\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "Fedora 32 : origin (2020-aeea04cd13)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8551", "CVE-2020-8552", "CVE-2020-8555", "CVE-2020-8945"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:origin", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-AEEA04CD13.NASL", "href": "https://www.tenable.com/plugins/nessus/138918", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-aeea04cd13.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138918);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2020-8551\", \"CVE-2020-8552\", \"CVE-2020-8555\", \"CVE-2020-8945\");\n script_xref(name:\"FEDORA\", value:\"2020-aeea04cd13\");\n\n script_name(english:\"Fedora 32 : origin (2020-aeea04cd13)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\" - Security fix for CVE-2020-8551, CVE-2020-8552,\n CVE-2020-8555, CVE-2020-8945\n\n - Rebase to head of usptream 3.11 branch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-aeea04cd13\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected origin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:origin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"origin-3.11.2-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"origin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:24:28", "description": "An update for atomic-openshift is now available for OpenShift Container Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-06-28T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:1632)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1632.NASL", "href": "https://www.tenable.com/plugins/nessus/126322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1632. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126322);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2019-11246\");\n script_xref(name:\"RHSA\", value:\"2019:1632\");\n\n script_name(english:\"RHEL 7 : Red Hat OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:1632)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for OpenShift\nContainer Platform.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary\nfile write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11246\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1632\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.10.149-1.git.0.05de590.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.10\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.10.149-1.git.0.05de590.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:33", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-07-25T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:1852)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1852.NASL", "href": "https://www.tenable.com/plugins/nessus/127033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1852. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127033);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-11246\");\n script_xref(name:\"RHSA\", value:\"2019:1852\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:1852)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.9.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nSecurity Fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary\nfile write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11246\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1852\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-cluster-capacity-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-cluster-capacity-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-federation-services-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-federation-services-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-service-catalog-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-service-catalog-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.9\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.9.89-1.git.0.9454f2a.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:49", "description": "An update for atomic-openshift is now available for OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.\n\nSecurity fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page (s) listed in the References section.", "cvss3": {}, "published": "2019-06-28T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:1633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1002101", "CVE-2019-11246"], "modified": "2020-01-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1633.NASL", "href": "https://www.tenable.com/plugins/nessus/126323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1633. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126323);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/09\");\n\n script_cve_id(\"CVE-2019-11246\");\n script_xref(name:\"RHSA\", value:\"2019:1633\");\n\n script_name(english:\"RHEL 7 : Red Hat OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:1633)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for OpenShift\nContainer Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is the company's cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to\nthese updated packages and images.\n\nSecurity fix(es) :\n\n* kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary\nfile write via `kubectl cp` (CVE-2019-11246)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgements, and other related information, refer to\nthe CVE page (s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11246\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1633\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.11.117-1.git.0.14e54a3.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:54", "description": "An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.154.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack, allowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11251", "CVE-2019-11253"], "modified": "2020-02-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3905.NASL", "href": "https://www.tenable.com/plugins/nessus/131153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3905. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131153);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/10\");\n\n script_cve_id(\"CVE-2019-11251\", \"CVE-2019-11253\");\n script_xref(name:\"RHSA\", value:\"2019:3905\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for atomic-openshift is now available for Red Hat OpenShift\nContainer Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or\nprivate cloud deployments.\n\nThis advisory contains the atomic-openshift RPM package for Red Hat\nOpenShift Container Platform 3.11.154.\n\nSecurity Fix(es) :\n\n* kubernetes: YAML parsing vulnerable to 'Billion Laughs' attack,\nallowing for remote denial of service (CVE-2019-11253)\n\n* kubernetes: `kubectl cp` allows for arbitrary file write via double\nsymlinks (CVE-2019-11251)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11253\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11251\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3905\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"atomic-openshift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-clients-redistributable-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-clients-redistributable-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-docker-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-docker-excluder-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-excluder-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", reference:\"atomic-openshift-excluder-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hyperkube-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hyperkube-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-hypershift-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-hypershift-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-master-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-master-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-node-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-node-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-pod-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-pod-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-sdn-ovs-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-sdn-ovs-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-template-service-broker-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-template-service-broker-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n if (rpm_exists(rpm:\"atomic-openshift-tests-3.11\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"atomic-openshift-tests-3.11.154-1.git.0.7a097ad.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"atomic-openshift / atomic-openshift-clients / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:30:30", "description": "An update of the kubernetes package has been released.", "cvss3": {}, "published": "2019-10-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Kubernetes PHSA-2019-2.0-0177", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11245", "CVE-2019-11246", "CVE-2019-11247", "CVE-2019-11248", "CVE-2019-11249"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0177_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/129691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0177. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129691);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2019-11245\",\n \"CVE-2019-11246\",\n \"CVE-2019-11247\",\n \"CVE-2019-11248\",\n \"CVE-2019-11249\"\n );\n\n script_name(english:\"Photon OS 2.0: Kubernetes PHSA-2019-2.0-0177\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-177.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11247\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-11248\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"kubernetes-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-1.12.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-1.13.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-1.14.6-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-debuginfo-1.12.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubeadm-1.12.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubeadm-1.13.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubeadm-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubeadm-1.14.6-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubectl-extras-1.12.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubectl-extras-1.13.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-kubectl-extras-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-kubectl-extras-1.14.6-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.12\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-pause-1.12.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.13\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-pause-1.13.10-1.ph2\")) flag++;\nif (rpm_exists(rpm:\"kubernetes-pause-1.14\", release:\"PhotonOS-2.0\") && rpm_check(release:\"PhotonOS-2.0\", reference:\"kubernetes-pause-1.14.6-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kubernetes\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:29", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory.\n\n - kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes (CVE-2019-11252)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5 package (RHSA-2020:2413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11252", "CVE-2019-11254", "CVE-2020-8558", "CVE-2020-8945", "CVE-2020-9283"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube"], "id": "REDHAT-RHSA-2020-2413.NASL", "href": "https://www.tenable.com/plugins/nessus/138387", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2413. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138387);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-11254\", \"CVE-2020-8558\", \"CVE-2020-8945\");\n script_xref(name:\"RHSA\", value:\"2020:2413\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5 package (RHSA-2020:2413)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2413 advisory.\n\n - kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events\n for AzureFile and CephFS volumes (CVE-2019-11252)\n\n - kubernetes: Denial of service in API server via crafted YAML payloads by authorized users (CVE-2019-11254)\n\n - kubernetes: node localhost services reachable via martian packets (CVE-2020-8558)\n\n - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)\n\n - golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1804533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected machine-config-daemon and / or openshift-hyperkube packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8558\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(130, 209, 300, 400, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhocp/4.5/debug',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.5/os',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.5/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'machine-config-daemon-4.5.0-202007012112.p0.git.2527.d12c3da.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'openshift-hyperkube-4.5.0-202007012112.p0.git.0.582d7fc.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.5/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openshift-hyperkube-4.5.0-202007012112.p0.git.0.582d7fc.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'machine-config-daemon / openshift-hyperkube');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T02:42:51", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5873-1 advisory.\n\n - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. (CVE-2020-14040)\n\n - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) (CVE-2020-28851)\n\n - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) (CVE-2020-28852)\n\n - golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. (CVE-2021-38561)\n\n - An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. (CVE-2022-32149)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-16T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : Go Text vulnerabilities (USN-5873-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14040", "CVE-2020-28851", "CVE-2020-28852", "CVE-2021-38561", "CVE-2022-32149"], "modified": "2023-02-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:golang-golang-x-text-dev", "p-cpe:/a:canonical:ubuntu_linux:golang-x-text-dev"], "id": "UBUNTU_USN-5873-1.NASL", "href": "https://www.tenable.com/plugins/nessus/171575", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5873-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171575);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/16\");\n\n script_cve_id(\n \"CVE-2020-14040\",\n \"CVE-2020-28851\",\n \"CVE-2020-28852\",\n \"CVE-2021-38561\",\n \"CVE-2022-32149\"\n );\n script_xref(name:\"USN\", value:\"5873-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 : Go Text vulnerabilities (USN-5873-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5873-1 advisory.\n\n - The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the\n UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker\n could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an\n infinite loop if the String function on the Decoder is called, or the Decoder is passed to\n golang.org/x/text/transform.String. (CVE-2020-14040)\n\n - In x/text in Go 1.15.4, an index out of range panic occurs in language.ParseAcceptLanguage while parsing\n the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)\n (CVE-2020-28851)\n\n - In x/text in Go before v0.3.5, a slice bounds out of range panic occurs in language.ParseAcceptLanguage\n while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language\n header.) (CVE-2020-28852)\n\n - golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during\n BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be\n used as a vector for a denial-of-service attack. (CVE-2021-38561)\n\n - An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage\n will take significant time to parse. (CVE-2022-32149)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5873-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected golang-golang-x-text-dev and / or golang-x-text-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28852\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32149\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-golang-x-text-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-x-text-dev\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'golang-golang-x-text-dev', 'pkgver': '0.0~git20170627.0.6353ef0-1ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'golang-x-text-dev', 'pkgver': '0.0~git20170627.0.6353ef0-1ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'golang-golang-x-text-dev', 'pkgver': '0.3.2-4ubuntu0.1'},\n {'osver': '22.04', 'pkgname': 'golang-golang-x-text-dev', 'pkgver': '0.3.7-1ubuntu0.20.04.1'},\n {'osver': '22.10', 'pkgname': 'golang-golang-x-text-dev', 'pkgver': '0.3.7-1ubuntu0.22.10.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang-golang-x-text-dev / golang-x-text-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:51:41", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by multiple vulnerabilities:\n\n - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. (CVE-2019-16884)\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16884", "CVE-2021-30465"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:docker-ce", "p-cpe:/a:zte:cgsl_core:docker-ce-debuginfo", "p-cpe:/a:zte:cgsl_main:docker-ce", "p-cpe:/a:zte:cgsl_main:docker-ce-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0007_DOCKER-CE.NASL", "href": "https://www.tenable.com/plugins/nessus/160835", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0007. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160835);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2019-16884\", \"CVE-2021-30465\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected\nby multiple vulnerabilities:\n\n - runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor\n restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a\n malicious Docker image can mount over a /proc directory. (CVE-2019-16884)\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0007\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-30465\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL docker-ce packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:docker-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:docker-ce-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:docker-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:docker-ce-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'docker-ce-17.03.3-1.el7.2107150253gitc70b962',\n 'docker-ce-debuginfo-17.03.3-1.el7.2107150253gitc70b962'\n ],\n 'CGSL MAIN 5.04': [\n 'docker-ce-17.03.3-1.el7.2107150253gitc70b962',\n 'docker-ce-debuginfo-17.03.3-1.el7.2107150253gitc70b962'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-ce');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:07", "description": "An update of the etcd package has been released.", "cvss3": {}, "published": "2020-08-20T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Etcd PHSA-2020-1.0-0313", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", "CVE-2020-15115", "CVE-2020-15136"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:etcd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0313_ETCD.NASL", "href": "https://www.tenable.com/plugins/nessus/139696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0313. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139696);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-15106\",\n \"CVE-2020-15112\",\n \"CVE-2020-15113\",\n \"CVE-2020-15114\",\n \"CVE-2020-15115\",\n \"CVE-2020-15136\"\n );\n\n script_name(english:\"Photon OS 1.0: Etcd PHSA-2020-1.0-0313\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the etcd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-313.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15136\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-15115\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'etcd-3.3.23-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd');\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:40", "description": "An update of the etcd package has been released.", "cvss3": {}, "published": "2020-08-15T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Etcd PHSA-2020-2.0-0272", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", "CVE-2020-15115", "CVE-2020-15136"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:etcd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0272_ETCD.NASL", "href": "https://www.tenable.com/plugins/nessus/139608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0272. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139608);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-15106\",\n \"CVE-2020-15112\",\n \"CVE-2020-15113\",\n \"CVE-2020-15114\",\n \"CVE-2020-15115\",\n \"CVE-2020-15136\"\n );\n\n script_name(english:\"Photon OS 2.0: Etcd PHSA-2020-2.0-0272\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the etcd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-272.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15136\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-15115\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'etcd-3.3.23-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd');\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:05", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0916 advisory.\n\n - etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n - etcd: DoS in wal/wal.go (CVE-2020-15112)\n\n - etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)\n\n - etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)\n\n - etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords (CVE-2020-15115)\n\n - etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", "CVE-2020-15115", "CVE-2020-15136"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:etcd"], "id": "REDHAT-RHSA-2021-0916.NASL", "href": "https://www.tenable.com/plugins/nessus/147868", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0916. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147868);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-15106\",\n \"CVE-2020-15112\",\n \"CVE-2020-15113\",\n \"CVE-2020-15114\",\n \"CVE-2020-15115\",\n \"CVE-2020-15136\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0916\");\n\n script_name(english:\"RHEL 8 : Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0916 advisory.\n\n - etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n - etcd: DoS in wal/wal.go (CVE-2020-15112)\n\n - etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)\n\n - etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS\n (CVE-2020-15114)\n\n - etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords\n (CVE-2020-15115)\n\n - etcd: no authentication is performed against endpoints provided in the --endpoints flag (CVE-2020-15136)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1868883\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected etcd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15136\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-15115\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(285, 287, 305, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:etcd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/debug',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/os',\n 'content/dist/layered/rhel8/x86_64/openstack-tools/16/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/debug',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/os',\n 'content/dist/layered/rhel8/x86_64/openstack/16.1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'etcd-3.3.23-1.el8ost', 'cpu':'x86_64', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:51:52", "description": "Security fix for CVE-2020-15113, CVE-2020-15112, CVE-2020-15114, CVE-2020-15115, CVE-2020-15136, CVE-2020-15106\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "Fedora 32 : etcd (2020-cd43b84c16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15106", "CVE-2020-15112", "CVE-2020-15113", "CVE-2020-15114", "CVE-2020-15115", "CVE-2020-15136"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:etcd", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-CD43B84C16.NASL", "href": "https://www.tenable.com/plugins/nessus/144696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-cd43b84c16.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144696);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-15106\", \"CVE-2020-15112\", \"CVE-2020-15113\", \"CVE-2020-15114\", \"CVE-2020-15115\", \"CVE-2020-15136\");\n script_xref(name:\"FEDORA\", value:\"2020-cd43b84c16\");\n\n script_name(english:\"Fedora 32 : etcd (2020-cd43b84c16)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-15113, CVE-2020-15112, CVE-2020-15114,\nCVE-2020-15115, CVE-2020-15136, CVE-2020-15106\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-cd43b84c16\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected etcd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15136\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:etcd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"etcd-3.4.13-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"etcd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:33", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1507-1 advisory.\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both manifests and layers fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both manifests and layers fields or manifests and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\n - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. (CVE-2021-43565)\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\n - The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:1507-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41190", "CVE-2021-43565", "CVE-2022-23648", "CVE-2022-24769", "CVE-2022-27191"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-1507-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160493", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1507-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160493);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-41190\",\n \"CVE-2021-43565\",\n \"CVE-2022-23648\",\n \"CVE-2022-24769\",\n \"CVE-2022-27191\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1507-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:1507-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:1507-1 advisory.\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution\n of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone\n was used to determine the type of document during push and pull operations. Documents that contain both\n manifests and layers fields could be interpreted as either a manifest or an index in the absence of an\n accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a\n client may interpret the resulting content differently. The OCI Distribution Specification has been\n updated to require that a mediaType value present in a manifest or index match the Content-Type header\n used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type\n header and reject an ambiguous document that contains both manifests and layers fields or manifests\n and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\n - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an\n attacker to panic an SSH server. (CVE-2021-43565)\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in\n containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI\n implementation on Linux with a specially-crafted image configuration could gain access to read-only copies\n of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container\n setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been\n fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\n - The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to\n crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197517\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/010921.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ba7cdc5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27191\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or docker packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23648\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.5.11-16.57.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'containerd-1.5.11-16.57.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'containerd-1.5.11-16.57.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'containerd-1.5.11-16.57.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'docker-20.10.14_ce-98.80.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'docker-20.10.14_ce-98.80.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'docker-20.10.14_ce-98.80.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']},\n {'reference':'docker-20.10.14_ce-98.80.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12', 'SLES_SAP-release-12.3', 'SLES_SAP-release-12.4', 'SLES_SAP-release-12.5', 'SLE_HPC-release-12', 'sle-module-containers-release-12-0', 'sles-release-12', 'sles-release-12.3', 'sles-release-12.4', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0079 advisory.\n\n - golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter (CVE-2019-11840)\n\n - python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)\n\n - kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11.374 bug fix and (RHSA-2021:0079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11840", "CVE-2020-26137", "CVE-2020-8554"], "modified": "2023-05-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector", "p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter", "p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog", "p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server", "p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler", "p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy", "p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal", "p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity", "p-cpe:/a:redhat:enterprise_linux:prometheus", "p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager", "p-cpe:/a:redhat:enterprise_linux:python2-urllib3"], "id": "REDHAT-RHSA-2021-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/145229", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0079. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145229);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/12\");\n\n script_cve_id(\"CVE-2019-11840\", \"CVE-2020-8554\", \"CVE-2020-26137\");\n script_xref(name:\"RHSA\", value:\"2021:0079\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.374 bug fix and (RHSA-2021:0079)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0079 advisory.\n\n - golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter (CVE-2019-11840)\n\n - python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)\n\n - kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1691529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1883632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891051\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26137\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(113, 200, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-urllib3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/3.11/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'openshift-ansible'},\n {'reference':'atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-clients-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-clients-redistributable-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-docker-excluder-3.11.374-1.git.0.ebd3ee9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-dockerregistry-3.11.374-1.git.481.e6a880c.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-excluder-3.11.374-1.git.0.ebd3ee9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-hypershift-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-master-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-template-service-broker-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference':'atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-ansible'},\n {'reference'