Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20T18:56:04

Description

## Summary IBM Cloud Private is vulnerable to multiple security vulnerabilities ## Vulnerability Details **CVEID:** [CVE-2018-5146](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146>) **DESCRIPTION:** libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140404> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-15422](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422>) **DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in ICU. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. CVSS Base Score: 6.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136054> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-15412](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412>) **DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. CVSS Base Score: 6.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136046> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-7526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526>) **DESCRIPTION:** Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. CVSS Base Score: 6.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128271> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N) **CVEID:** [CVE-2018-1000122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122>) **DESCRIPTION:** curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. CVSS Base Score: 6.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140316> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) **CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) **DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2018-0733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733>) **DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) **CVEID:** [CVE-2017-17512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17512>) **DESCRIPTION:** sensible-utils package for Debian could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to validate strings before launching the program specified by the BROWSER environment variable in sensible-browser. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136182> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-17426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426>) **DESCRIPTION:** GNU C Library (aka glibc or libc6) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the per-thread cache (aka tcache) feature. By allocating an object whose size is close to SIZE_MAX, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135985> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-16612](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612>) **DESCRIPTION:** X.Org libXcursor is vulnerable to a heap-based buffer overflow, caused by various integer overflows. By sending specially-crafted cursors with programs like GIMP, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135813> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-16546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546>) **DESCRIPTION:** ImageMagick is vulnerable to a denial of service, caused by improper validation of the colormap index in a WPG palette in the ReadWPGImage function in coders/wpg.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134498> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2017-1000117](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117>) **DESCRIPTION:** Git could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper handling of the "ssh" URLs. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130244> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-1000116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116>) **DESCRIPTION:** Mercurial could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of hostnames passed to ssh. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133105> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-0379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379>) **DESCRIPTION:** Libgcrypt could allow a local attacker to obtain sensitive information, caused by a flaw in the cipher/ecc.c and mpi/ec.c. By using Curve25519 side-channel attacks, an attacker could exploit this vulnerability to discover a secret key. CVSS Base Score: 2.9 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131281> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) **CVEID:** [CVE-2017-15908](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908>) **DESCRIPTION:** systemd is vulnerable to a denial of service, caused by an error in the dns_packet_read_type_window function. By sending a specially-crafted DNS NSEC resource record data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base Score: 7.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134141> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2016-2774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2774>) **DESCRIPTION:** ISC DHCP is vulnerable to a denial of service, caused by the failure to limit the number of open TCP connections to the ports for inter-process communications and control. By opening a large number of TCP connections, a remote attacker from within the local network could exploit this vulnerability to become unresponsive or consume all available sockets. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111319> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2017-16544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544>) **DESCRIPTION:** BusyBox could allow a remote attacker to execute arbitrary code on the system, caused by the improper sanitization of filename in the add_match function in libbb/lineedit.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135207> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-15650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650>) **DESCRIPTION:** musl libc is vulnerable to a stack-based buffer overflow, caused by the failure to restrict the number of addresses in the dns_parse_callback function in network/lookup_name.c. By sending specially-crafted DNS replies, a remote attacker could exploit this vulnerability to provide an unexpected number of addresses. CVSS Base Score: 7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133862> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-12883](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883>) **DESCRIPTION:** PERL is vulnerable to a denial of service, caused by a buffer overflow in the regular expression parser. By using vectors involving the use of RExC_parse in the vFAIL macro, a remote attacker could exploit this vulnerability to cause the application to crash or leak data from memory. CVSS Base Score: 9.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132298> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) **CVEID:** [CVE-2017-10285](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10285>) **DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to take control of the system. CVSS Base Score: 9.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133723> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) **CVEID:** [CVE-2017-9800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800>) **DESCRIPTION:** Apache Subversion could allow a remote attacker to execute arbitrary commands on the system, caused by the connection to URLs provided by the repository. By committing to a honest server, an attacker could exploit this vulnerability using a specially crafted svn+ssh:// URL to execute arbitrary shell commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130360> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-14867](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14867>) **DESCRIPTION:** Git could allow a remote attacker to execute arbitrary commands on the system, caused by the use of unsafe Perl scripts to support subcommands. By using specially-crafted shell metacharacters in a module name, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132826> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-5563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563>) **DESCRIPTION:** LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121605> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-8816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816>) **DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the NTLM authentication feature. By using vectors involving long user and password fields, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135657> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-6891](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891>) **DESCRIPTION:** GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127214> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-14176](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176>) **DESCRIPTION:** Bazaar could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when Subprocess SSH is used. By sending a bzr+ssh URL with an initial dash character in the hostname, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135732> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-13089](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089>) **DESCRIPTION:** GNU wget is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the skip_short_body() function in src/http.c. By sending a specially-crafted HTTP data, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134200> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ## Affected Products and Versions IBM Cloud Private 2.1.0 ## Remediation/Fixes For the 2.1.0.x releases: upgrade to version 2.1.0.3 Fix Pack 1 or later * [IBM Cloud Private 2.1.0.3 Fix Pack 1](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-2.1.0.3-build497276&includeSupersedes=0>) ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Change History 20 July 2018 - original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions. ## Internal Use Only PR:118490 | A:12622 | IBM Cloud private | IBM Cloud Private Package Vulnerabilities from Vulnerability Advisor Scan [323813] [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSBS6K","label":"IBM Cloud Private"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Affected Software

CPE Name	Name	Version
	IBM Cloud Private	2.1.0

{"id": "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private", "description": "## Summary\n\nIBM Cloud Private is vulnerable to multiple security vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-5146](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146>) \n**DESCRIPTION:** libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-15422](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422>) \n**DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in ICU. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136054> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-15412](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412>) \n**DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136046> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-7526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526>) \n**DESCRIPTION:** Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128271> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1000122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122>) \n**DESCRIPTION:** curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140316> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-17512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17512>) \n**DESCRIPTION:** sensible-utils package for Debian could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to validate strings before launching the program specified by the BROWSER environment variable in sensible-browser. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136182> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-17426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426>) \n**DESCRIPTION:** GNU C Library (aka glibc or libc6) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the per-thread cache (aka tcache) feature. By allocating an object whose size is close to SIZE_MAX, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135985> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-16612](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612>) \n**DESCRIPTION:** X.Org libXcursor is vulnerable to a heap-based buffer overflow, caused by various integer overflows. By sending specially-crafted cursors with programs like GIMP, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135813> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-16546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546>) \n**DESCRIPTION:** ImageMagick is vulnerable to a denial of service, caused by improper validation of the colormap index in a WPG palette in the ReadWPGImage function in coders/wpg.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134498> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-1000117](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117>) \n**DESCRIPTION:** Git could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper handling of the \"ssh\" URLs. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130244> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-1000116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116>) \n**DESCRIPTION:** Mercurial could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of hostnames passed to ssh. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133105> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-0379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379>) \n**DESCRIPTION:** Libgcrypt could allow a local attacker to obtain sensitive information, caused by a flaw in the cipher/ecc.c and mpi/ec.c. By using Curve25519 side-channel attacks, an attacker could exploit this vulnerability to discover a secret key. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131281> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-15908](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by an error in the dns_packet_read_type_window function. By sending a specially-crafted DNS NSEC resource record data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134141> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-2774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2774>) \n**DESCRIPTION:** ISC DHCP is vulnerable to a denial of service, caused by the failure to limit the number of open TCP connections to the ports for inter-process communications and control. By opening a large number of TCP connections, a remote attacker from within the local network could exploit this vulnerability to become unresponsive or consume all available sockets. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111319> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-16544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544>) \n**DESCRIPTION:** BusyBox could allow a remote attacker to execute arbitrary code on the system, caused by the improper sanitization of filename in the add_match function in libbb/lineedit.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135207> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-15650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650>) \n**DESCRIPTION:** musl libc is vulnerable to a stack-based buffer overflow, caused by the failure to restrict the number of addresses in the dns_parse_callback function in network/lookup_name.c. By sending specially-crafted DNS replies, a remote attacker could exploit this vulnerability to provide an unexpected number of addresses. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133862> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-12883](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883>) \n**DESCRIPTION:** PERL is vulnerable to a denial of service, caused by a buffer overflow in the regular expression parser. By using vectors involving the use of RExC_parse in the vFAIL macro, a remote attacker could exploit this vulnerability to cause the application to crash or leak data from memory. \nCVSS Base Score: 9.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132298> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)\n\n**CVEID:** [CVE-2017-10285](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10285>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133723> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-9800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800>) \n**DESCRIPTION:** Apache Subversion could allow a remote attacker to execute arbitrary commands on the system, caused by the connection to URLs provided by the repository. By committing to a honest server, an attacker could exploit this vulnerability using a specially crafted svn+ssh:// URL to execute arbitrary shell commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130360> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-14867](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14867>) \n**DESCRIPTION:** Git could allow a remote attacker to execute arbitrary commands on the system, caused by the use of unsafe Perl scripts to support subcommands. By using specially-crafted shell metacharacters in a module name, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132826> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-5563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563>) \n**DESCRIPTION:** LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-8816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816>) \n**DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the NTLM authentication feature. By using vectors involving long user and password fields, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135657> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-6891](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891>) \n**DESCRIPTION:** GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127214> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-14176](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176>) \n**DESCRIPTION:** Bazaar could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when Subprocess SSH is used. By sending a bzr+ssh URL with an initial dash character in the hostname, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135732> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-13089](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089>) \n**DESCRIPTION:** GNU wget is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the skip_short_body() function in src/http.c. By sending a specially-crafted HTTP data, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134200> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Private 2.1.0\n\n## Remediation/Fixes\n\nFor the 2.1.0.x releases: upgrade to version 2.1.0.3 Fix Pack 1 or later\n\n * [IBM Cloud Private 2.1.0.3 Fix Pack 1](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-2.1.0.3-build497276&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 July 2018 - original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\nPR:118490 | A:12622 | IBM Cloud private | IBM Cloud Private Package Vulnerabilities from Vulnerability Advisor Scan [323813]\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSBS6K\",\"label\":\"IBM Cloud Private\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "published": "2018-07-20T18:56:04", "modified": "2018-07-20T18:56:04", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/716653", "reporter": "IBM", "references": [], "cvelist": ["CVE-2016-2774", "CVE-2017-0379", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-10285", "CVE-2017-12883", "CVE-2017-13089", "CVE-2017-14176", "CVE-2017-14867", "CVE-2017-15412", "CVE-2017-15422", "CVE-2017-15650", "CVE-2017-15908", "CVE-2017-16544", "CVE-2017-16546", "CVE-2017-16612", "CVE-2017-17426", "CVE-2017-17512", "CVE-2017-5563", "CVE-2017-6891", "CVE-2017-7526", "CVE-2017-8816", "CVE-2017-9800", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-1000122", "CVE-2018-5146"], "immutableFields": [], "lastseen": "2022-06-28T21:59:57", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_OCT2017_ADVISORY.ASC", "OPENSSL_ADVISORY26.ASC"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2017-16544"]}, {"type": "amazon", "idList": ["ALAS-2017-882", "ALAS-2017-883", "ALAS-2017-893", "ALAS-2017-916", "ALAS-2017-917", "ALAS-2017-936", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1102", "ALAS-2018-1112", "ALAS-2018-938", "ALAS-2018-981", "ALAS-2018-995", "ALAS-2020-1415", "ALAS2-2018-1102", "ALAS2-2018-1135", "ALAS2-2018-981", "ALAS2-2018-995", "ALAS2-2019-1139", "ALAS2-2019-1162", "ALAS2-2020-1466"]}, {"type": "android", "idList": ["ANDROID:CVE-2018-5146"]}, {"type": "androidsecurity", "idList": ["ANDROID:2018-06-01"]}, {"type": "apple", "idList": ["APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:9E6A815375EBF8214DBB8A7CC0256BBD", "APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B3402276360A8C507F94E26E15D465F4", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208103", "APPLE:HT208326", "APPLE:HT208331", "APPLE:HT208465", "APPLE:HT208692", "APPLE:HT208693", "APPLE:HT208696", "APPLE:HT208698"]}, {"type": "archlinux", "idList": ["ASA-201706-10", "ASA-201706-3", "ASA-201707-1", "ASA-201708-14", "ASA-201708-6", "ASA-201708-7", "ASA-201709-13", "ASA-201709-14", "ASA-201710-28", "ASA-201710-34", "ASA-201711-36", "ASA-201711-37", "ASA-201711-38", "ASA-201711-41", "ASA-201711-42", "ASA-201712-5", "ASA-201803-1", "ASA-201803-12", "ASA-201803-13", "ASA-201803-15", "ASA-201803-16", "ASA-201803-17", "ASA-201803-18", "ASA-201803-19", "ASA-201803-2", "ASA-201803-20", "ASA-201803-21", "ASA-201803-22", "ASA-201804-2"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-10593", "BSERV-10593"]}, {"type": "centos", "idList": ["CESA-2016:2590", "CESA-2017:2480", "CESA-2017:2484", "CESA-2017:2485", "CESA-2017:2489", "CESA-2017:2998", "CESA-2017:3075", "CESA-2017:3392", "CESA-2018:0549", "CESA-2018:0647", "CESA-2018:0648", "CESA-2018:0649", "CESA-2018:1058", "CESA-2018:3090", "CESA-2018:3157", "CESA-2018:3221", "CESA-2020:1190"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0721", "CPAI-2017-1067", "CPAI-2018-0364", "CPAI-2018-0508"]}, {"type": "chrome", "idList": ["GCSA-6993857189147290065"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1D977E29F1169EF928BB4A0BAE75A4E4", "CFOUNDRY:21A806FB62D8EE8039931A5D1193F96D", "CFOUNDRY:23B1515F8D5457421D7BC84DE82AEE7A", "CFOUNDRY:3607F073AC0C0689C426D68F1CF8129C", "CFOUNDRY:419C347150598833F1C493E269FE4871", "CFOUNDRY:6B20128629C77D85690FBF074EA87264", "CFOUNDRY:6F1748AC27643D000D57D4149581C0E6", "CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4", "CFOUNDRY:81EBD6DFAEE8502A1AEE7ACA1D96C999", "CFOUNDRY:8E90EE64991E73AC2CBE12506599D790", "CFOUNDRY:9552DBD3D0A554043D3D1889155F0A00", "CFOUNDRY:9E506E18A6C066C40517800C5F324360", "CFOUNDRY:A2C1214772F351A51ABA0A47D3042A74", "CFOUNDRY:B92BE0D66798E831F55CF2D88AA976E4", "CFOUNDRY:C35A6FAC24A991475775DAEC1BA5FB2D", "CFOUNDRY:C7C8B32CB5620BC0DBF4628242A0032D", "CFOUNDRY:C92D03340354BF525BF42A6053FD5447", "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "CFOUNDRY:CD433251F203CC63F47CBA9B57F2C229", "CFOUNDRY:D21D51A50EB896BB75DB194B9CF9D65F", "CFOUNDRY:EF240CA7BABF3CA7CF41F4557E09A150", "CFOUNDRY:F32EC67CB8EF3A5AC3DF32865AAB787D"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2016-2774", "CVE-2017-0379", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-10285", "CVE-2017-12883", "CVE-2017-12976", "CVE-2017-13089", "CVE-2017-14176", "CVE-2017-14867", "CVE-2017-15412", "CVE-2017-15422", "CVE-2017-15650", "CVE-2017-15908", "CVE-2017-16228", "CVE-2017-16544", "CVE-2017-16546", "CVE-2017-16612", "CVE-2017-17426", "CVE-2017-17459", "CVE-2017-17512", "CVE-2017-18087", "CVE-2017-5563", "CVE-2017-6891", "CVE-2017-7526", "CVE-2017-8816", "CVE-2017-9800", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-1000122", "CVE-2018-14618", "CVE-2018-5146", "CVE-2018-5147"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1015-1:A2F8B", "DEBIAN:DLA-1052-1:8FD73", "DEBIAN:DLA-1068-1:4D50B", "DEBIAN:DLA-1068-1:EE3F1", "DEBIAN:DLA-1072-1:C63A2", "DEBIAN:DLA-1080-1:E4894", "DEBIAN:DLA-1107-1:19352", "DEBIAN:DLA-1107-1:992AA", "DEBIAN:DLA-1120-1:E5021", "DEBIAN:DLA-1144-1:E0FFD", "DEBIAN:DLA-1149-1:08CFA", "DEBIAN:DLA-1187-1:57EAE", "DEBIAN:DLA-1187-1:D4BAC", "DEBIAN:DLA-1201-1:90536", "DEBIAN:DLA-1201-1:C40FD", "DEBIAN:DLA-1209-1:11DCC", "DEBIAN:DLA-1211-1:EA9E0", "DEBIAN:DLA-1309-1:3655B", "DEBIAN:DLA-1319-1:37938", "DEBIAN:DLA-1319-1:56612", "DEBIAN:DLA-1327-1:7C5BC", "DEBIAN:DLA-1327-1:CD08B", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1368-1:39537", "DEBIAN:DLA-1445-1:15231", "DEBIAN:DLA-1445-1:1C330", "DEBIAN:DLA-1495-1:43D4C", "DEBIAN:DLA-2003-1:1DD00", "DEBIAN:DLA-2559-1:C6843", "DEBIAN:DLA-950-1:6137B", "DEBIAN:DSA-3861-1:84787", "DEBIAN:DSA-3861-1:C9991", "DEBIAN:DSA-3901-1:195D0", "DEBIAN:DSA-3901-1:4B6A4", "DEBIAN:DSA-3932-1:2FDE9", "DEBIAN:DSA-3932-1:A3186", "DEBIAN:DSA-3934-1:C7991", "DEBIAN:DSA-3934-1:D2EA9", "DEBIAN:DSA-3959-1:38ABA", "DEBIAN:DSA-3959-1:3F3DD", "DEBIAN:DSA-3960-1:29BD6", "DEBIAN:DSA-3960-1:319AE", "DEBIAN:DSA-3963-1:87772", "DEBIAN:DSA-3963-1:CD9EC", "DEBIAN:DSA-3982-1:97B3E", "DEBIAN:DSA-3982-1:C3DAC", "DEBIAN:DSA-4008-1:604F8", "DEBIAN:DSA-4015-1:4398C", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4048-1:C97BF", "DEBIAN:DSA-4051-1:99280", "DEBIAN:DSA-4052-1:1117D", "DEBIAN:DSA-4059-1:455E2", "DEBIAN:DSA-4071-1:2EA79", "DEBIAN:DSA-4074-1:AED98", "DEBIAN:DSA-4086-1:58F72", "DEBIAN:DSA-4086-1:8DFD7", "DEBIAN:DSA-4136-1:5B46E", "DEBIAN:DSA-4140-1:DC99A", "DEBIAN:DSA-4140-1:E62A2", "DEBIAN:DSA-4143-1:F445E", "DEBIAN:DSA-4150-1:2E864", "DEBIAN:DSA-4155-1:874A1", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4158-1:561AF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-2774", "DEBIANCVE:CVE-2017-0379", "DEBIANCVE:CVE-2017-1000116", "DEBIANCVE:CVE-2017-1000117", "DEBIANCVE:CVE-2017-10285", "DEBIANCVE:CVE-2017-12883", "DEBIANCVE:CVE-2017-12976", "DEBIANCVE:CVE-2017-13089", "DEBIANCVE:CVE-2017-14176", "DEBIANCVE:CVE-2017-14867", "DEBIANCVE:CVE-2017-15412", "DEBIANCVE:CVE-2017-15422", "DEBIANCVE:CVE-2017-15650", "DEBIANCVE:CVE-2017-15908", "DEBIANCVE:CVE-2017-16228", "DEBIANCVE:CVE-2017-16544", "DEBIANCVE:CVE-2017-16546", "DEBIANCVE:CVE-2017-16612", "DEBIANCVE:CVE-2017-17426", "DEBIANCVE:CVE-2017-17459", "DEBIANCVE:CVE-2017-17512", "DEBIANCVE:CVE-2017-5563", "DEBIANCVE:CVE-2017-6891", "DEBIANCVE:CVE-2017-7526", "DEBIANCVE:CVE-2017-8816", "DEBIANCVE:CVE-2017-9800", "DEBIANCVE:CVE-2018-0733", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-1000122", "DEBIANCVE:CVE-2018-14618", "DEBIANCVE:CVE-2018-5146", "DEBIANCVE:CVE-2018-5147"]}, {"type": "f5", "idList": ["F5:K08044291", "F5:K20281756", "F5:K30409575", "F5:K45625134", "F5:K46552732", "F5:K62318311", "F5:K62695363", "F5:K76678525", "SOL30409575"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:046E16076016", "FEDORA:0F54C60BE23D", "FEDORA:1BDBA60874B4", "FEDORA:1C87760F6574", "FEDORA:2051C604DA6B", "FEDORA:2237361FD649", "FEDORA:2E8D96005552", "FEDORA:3EC4162335F8", "FEDORA:41A6660CADCC", "FEDORA:4813E602F5BE", "FEDORA:4C1B66085F97", "FEDORA:4E7B960A8F88", "FEDORA:5750160173C4", "FEDORA:597806048158", "FEDORA:5C8E66094E72", "FEDORA:5CFCF60A5875", "FEDORA:65418606FD9D", "FEDORA:68D44601BD0C", "FEDORA:6B4D86087671", "FEDORA:6D83460153C4", "FEDORA:7016960CADB6", "FEDORA:70A8560478E4", "FEDORA:73956600DD0A", "FEDORA:7AC3560620E6", "FEDORA:7B564604AACC", "FEDORA:8187E60A2920", "FEDORA:83E6960C3522", "FEDORA:855A9625F2AD", "FEDORA:87D78601E81F", "FEDORA:8A4C5604F0D5", "FEDORA:8EA746050C5D", "FEDORA:8FDC7602F058", "FEDORA:919766085AD4", "FEDORA:93899601DD82", "FEDORA:94054604BB3C", "FEDORA:94740605F8FC", "FEDORA:9543060799F0", "FEDORA:9AA94604D744", "FEDORA:A65EF601DD8C", "FEDORA:A9F06601B24A", "FEDORA:ABF55607D651", "FEDORA:ACC466324C7C", "FEDORA:AD05E6076A12", "FEDORA:ADC0A6183EC8", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B98866076020", "FEDORA:BFACF60A35B3", "FEDORA:BFD6D6095533", "FEDORA:C2FD06087D91", "FEDORA:C42316075EE2", "FEDORA:C9F7960754A8", "FEDORA:CAFF160478EB", "FEDORA:CB0976087487", "FEDORA:DA00060CFA9B", "FEDORA:E1BA960799FC", "FEDORA:EC7F86046254", "FEDORA:ECE8A60C25DB", "FEDORA:F13AD615CE72", "FEDORA:F2FCA60C94C8"]}, {"type": "freebsd", "idList": ["09849E71-BB12-11E7-8357-3065EC6F3643", "1D33CDEE-7F6B-11E7-A9B5-3DEBB10A6871", "1D951E85-FFDB-11E7-8B91-E8E0B747A45A", "22F28BB3-8D98-11E7-8C37-E8E0B747A45A", "301A01B7-D50E-11E7-AC58-B499BAEBFEAF", "6E80BD9B-7E9B-11E7-ABFE-90E2BAA3BAFC", "7943794F-707F-4E31-9FEA-3BBF1DDCEDC1", "7DA0417F-6B24-11E8-84CC-002590ACAE31", "909BE51B-9B3B-11E8-ADD2-B499BAEBFEAF", "B0628E53-092A-4037-938B-29805A7CD31B", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "D9E82328-A129-11E7-987E-4F174049B30A", "DDECDE18-E33B-11E7-A293-54E1AD3D6335", "ED3BF433-5D92-11E7-AA14-E8E0B747A45A", "F4D638B9-E6E5-4DBE-8C70-571DBC116174"]}, {"type": "gentoo", "idList": ["GLSA-201709-09", "GLSA-201709-10", "GLSA-201709-18", "GLSA-201709-27", "GLSA-201710-11", "GLSA-201710-31", "GLSA-201711-06", "GLSA-201711-14", "GLSA-201712-04", "GLSA-201801-03", "GLSA-201801-04", "GLSA-201803-12", "GLSA-201804-04", "GLSA-201811-13", "GLSA-201811-21", "GLSA-202007-53"]}, {"type": "hackerone", "idList": ["H1:260005", "H1:287666"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["08885FD1C579206B83E3A6D7ECAEE2D6D389445AC6F4EC087A4B0DEDB16945EC", "0A251B57941452CDFD64C031582A8D13D6719AEDB99EBF965740CC5E04A717D6", "0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0C7609318AF818E2AFEBBD4DA073B7735084B043A6F31DFB0A137B74FE76417C", "0CD92D65217BA19C95B4BF36EC77E046C138F6AB1AD196921ED6297F35FEB8C1", "153C8B988C1EC44C13B0535341913C2F66090DDDFC18D3C49268B9CA9BFFB899", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "15B7946476C14969EFBB158D48A2E631603F1323E17E2D4BDC13FB3B86B3B63B", "192042AC3BC36148AC8C3F975E07171FCF47933C1EBFD71D9BBFC62BF170DDA3", "1AE3C39E2B04171FD23F21949F6202B367042F6DC07FB81BDC1E886F25C20936", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1F0E769E02EDA03664C1D0694AF70B26BFB7E4DBC4D96E353B0F8FCBDA767545", "20C4435BAC00C098E35FC9558CC32D917A8080A382905ACB9CA97666DEE3A1C4", "231E423B28752DD6263DBEC8D8F06E8A6EC0C4DA14543D958731A02C8193E5EE", "244ECED1318E3472926D72334F870E4E52EEBDA4CBF4408680F466AF6B21AED2", "2BEBB38964CEA4B62F9F2515093252761533127501B62DEFAAC8D801CC37ED8F", "2C79ED95B1DDF725C67F241D5C01546FA0476ABBA3CE0E75B8B5CD09C4F93D6C", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "30F126C0FEE1D6C0436DFF1A6751EE8FDE2C7921F8AC99F5FF4DF624573C80E8", "3495F9B812339D5B1BD78637C1F420145AAD93AFB44B6E35782DE0160CF7211B", "3851D26A1B7DF88EA8BA11EEB80A7341FC47BF9EE9F99E03682D841ED55868A9", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "3EBBC018B9C20064FA93BD55BE600CC6490AE50FA79F34184DC280317D13D2D0", "3F709EA726EB2BD99A9BF0A52B5FBF758B042727BAB188CBB7DC446E3FE28E4C", "40E849000289F14BA4EAA8A0BFBD0324AC59A18BA17D9C7411EF7F2C82E2F403", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "41F5CD2E8E0BA41C7BAE3BBD46EBA2066E860D2EF69271DEDF12577C4F5E3643", "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "5629D4CB5FDAA094E583133F9915D6280C8B5F2DF6594A955EE3D8AD1E47DA7E", "58738F67583B73D0E5E9C05CA0953E844D2E77F068E3346BC7AE4D527FF367B2", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "5B0FE98812679A100B17416086E03F3BF8E785AFC9E9B468A417BA48F18E5195", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "62E7A719C331FCAB47075BA0B9A2AFE666ABEF25DA19EDB1572CD3B9D2B9095E", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "6F167D499B2A5EFC5FF37F5C3C59231B209D96D3E83F2F95ED707FF9F72461C9", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8AF09D39919DFCEDA59D30328E778381C2630CD9C097879DBB5204834A432A43", "949D058C8D46FE2167CE3D6FD2DA4133932AC4110D96EB07B6323F33EFC7785F", "94B3EC63956148268E5D16E07FE76E71DA01EB7625BA7498384CCAD5794DE007", "9689CC781FFB77A68D0808F73F4652707DF84089948BC46748A94D94E9B86E90", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "99D7CE76B897DC4976E62E97370D722C59FD797F6A7F3820BC105038217CC75D", "9EAED1F5FB3762874ED935AF686A504F1630ADB20AA5EBFAE97EAEEEA4C0DAF8", "A4829964562D4DA75AC835389538AF91BE820F503BFE614BB74E402BC80BACA1", "B7E9CE33A8766104CBF43CF1EF0D10747A799C0A2ADF534A80658077B861D8FA", "B7F231EEDEA746DC113060FCA6FAC47525E46D9C23078C266970EEDDCAB7A513", "BEE773E4A6A548D08B8B9B27B8581116109A00DD9D98FECB148AD73D2A44F35E", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C493462547813E2D896F759039078514A13F0934C26044CBC7F658187CF3E4C0", "C6771A870A37ADA11D50A5F13962E90868941CD1B5E16CAD1FC321B24791BB0D", "C88FD4D469A35327F18A441E0F6F16137E5E2FA23925AE0EC11E2F76B3D0967E", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "CC5F277D3ACAE3335BA730A0207062A84F97F8B011460F964107C4802703541B", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "D9D40D2511E3353489FD37F0A8FDA8372BA8FB5B1DABC3822BCFFAB3AF68F6BA", "DFBF8270196E2043086B670889FD4B25491E875B01506321C770B6282C5BD9F4", "E228AE26D557AC2FB8C5AF13926D0970F3BAC5922DC3700312E52FD8E2BD1B47", "E79BC6C34DAD829FAB4182BB79212B7400A2BCB673A1FFCDE7E446FA6EFAF11B", "EDE3914DED34E2CA326ED77AF6882B132AC7EA774AA1D16CA45C10E7D5FA4D64", "F07DB3E9DE713D6D6258FA7BB69C354916D6B592DF066F85F76143C8963BA25E", "F1FCAD9702724B4983D6B5417FBF364CD19F0F19F7D722D5D70F3F75EFCA5438", "F78587255E6EF46DCF6D5A2D005E1C4D58C0A497AB8A85F9D3A5219A4BA349EE", "FBE0F918F89C2D8B7FF216A82D42F177776227A58ABE2E657BDE512095B69EA7", "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "FE2CBC1A2D4886BFE6E3B33B7961AF6CF129572F17C3BF21BA697A2FB4873467", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "ics", "idList": ["ICSA-20-240-01"]}, {"type": "kaspersky", "idList": ["KLA11122", "KLA11152", "KLA11229", "KLA11236", "KLA11279", "KLA11594", "KLA11595"]}, {"type": "mageia", "idList": ["MGAA-2018-0067", "MGASA-2017-0159", "MGASA-2017-0213", "MGASA-2017-0235", "MGASA-2017-0266", "MGASA-2017-0273", "MGASA-2017-0282", "MGASA-2017-0331", "MGASA-2017-0334", "MGASA-2017-0396", "MGASA-2017-0404", "MGASA-2017-0443", "MGASA-2017-0460", "MGASA-2017-0484", "MGASA-2018-0047", "MGASA-2018-0048", "MGASA-2018-0049", "MGASA-2018-0050", "MGASA-2018-0053", "MGASA-2018-0054", "MGASA-2018-0058", "MGASA-2018-0179", "MGASA-2018-0190", "MGASA-2018-0203", "MGASA-2018-0207", "MGASA-2018-0229", "MGASA-2018-0257", "MGASA-2018-0339", "MGASA-2018-0423"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-MULTI-HTTP-GIT_SUBMODULE_COMMAND_EXEC-"]}, {"type": "mozilla", "idList": ["MFSA2018-08", "MFSA2018-09"]}, {"type": "myhack58", "idList": ["MYHACK58:62201788524"]}, {"type": "nessus", "idList": ["700328.PRM", "700329.PRM", "700335.PRM", "700336.PRM", "700351.PASL", "700515.PRM", "700627.PRM", "700629.PRM", "700655.PRM", "AIX_OPENSSL_ADVISORY26.NASL", "AL2_ALAS-2018-1102.NASL", "AL2_ALAS-2018-1135.NASL", "AL2_ALAS-2018-981.NASL", "AL2_ALAS-2018-995.NASL", "AL2_ALAS-2019-1139.NASL", "AL2_ALAS-2019-1162.NASL", "AL2_ALAS-2020-1466.NASL", "ALA_ALAS-2017-882.NASL", "ALA_ALAS-2017-883.NASL", "ALA_ALAS-2017-893.NASL", "ALA_ALAS-2017-916.NASL", "ALA_ALAS-2017-917.NASL", "ALA_ALAS-2017-936.NASL", "ALA_ALAS-2018-1065.NASL", "ALA_ALAS-2018-1069.NASL", "ALA_ALAS-2018-1070.NASL", "ALA_ALAS-2018-1102.NASL", "ALA_ALAS-2018-1112.NASL", "ALA_ALAS-2018-938.NASL", "ALA_ALAS-2018-981.NASL", "ALA_ALAS-2018-995.NASL", "ALA_ALAS-2020-1415.NASL", "APPLE_IOS_113_CHECK.NBIN", "CENTOS_RHSA-2016-2590.NASL", "CENTOS_RHSA-2017-2480.NASL", "CENTOS_RHSA-2017-2484.NASL", "CENTOS_RHSA-2017-2485.NASL", "CENTOS_RHSA-2017-2489.NASL", "CENTOS_RHSA-2017-2998.NASL", "CENTOS_RHSA-2017-3075.NASL", "CENTOS_RHSA-2017-3392.NASL", "CENTOS_RHSA-2018-0549.NASL", "CENTOS_RHSA-2018-0647.NASL", "CENTOS_RHSA-2018-0648.NASL", "CENTOS_RHSA-2018-0649.NASL", "CENTOS_RHSA-2018-1058.NASL", "CENTOS_RHSA-2018-3090.NASL", "CENTOS_RHSA-2018-3157.NASL", "CENTOS_RHSA-2018-3221.NASL", "CENTOS_RHSA-2020-1190.NASL", "DEBIAN_DLA-1015.NASL", "DEBIAN_DLA-1052.NASL", "DEBIAN_DLA-1068.NASL", "DEBIAN_DLA-1072.NASL", "DEBIAN_DLA-1080.NASL", "DEBIAN_DLA-1107.NASL", "DEBIAN_DLA-1120.NASL", "DEBIAN_DLA-1144.NASL", "DEBIAN_DLA-1149.NASL", "DEBIAN_DLA-1187.NASL", "DEBIAN_DLA-1201.NASL", "DEBIAN_DLA-1209.NASL", "DEBIAN_DLA-1211.NASL", "DEBIAN_DLA-1309.NASL", "DEBIAN_DLA-1319.NASL", "DEBIAN_DLA-1327.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DLA-1368.NASL", "DEBIAN_DLA-1495.NASL", "DEBIAN_DLA-2003.NASL", "DEBIAN_DLA-2559.NASL", "DEBIAN_DLA-950.NASL", "DEBIAN_DSA-3861.NASL", "DEBIAN_DSA-3901.NASL", "DEBIAN_DSA-3932.NASL", "DEBIAN_DSA-3934.NASL", "DEBIAN_DSA-3959.NASL", "DEBIAN_DSA-3960.NASL", "DEBIAN_DSA-3963.NASL", "DEBIAN_DSA-3982.NASL", "DEBIAN_DSA-3984.NASL", "DEBIAN_DSA-4008.NASL", "DEBIAN_DSA-4015.NASL", "DEBIAN_DSA-4040.NASL", "DEBIAN_DSA-4048.NASL", "DEBIAN_DSA-4051.NASL", "DEBIAN_DSA-4052.NASL", "DEBIAN_DSA-4059.NASL", "DEBIAN_DSA-4071.NASL", "DEBIAN_DSA-4074.NASL", "DEBIAN_DSA-4086.NASL", "DEBIAN_DSA-4136.NASL", "DEBIAN_DSA-4140.NASL", "DEBIAN_DSA-4143.NASL", "DEBIAN_DSA-4150.NASL", "DEBIAN_DSA-4155.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "EULEROS_SA-2016-1065.NASL", "EULEROS_SA-2017-1175.NASL", "EULEROS_SA-2017-1176.NASL", "EULEROS_SA-2017-1187.NASL", "EULEROS_SA-2017-1188.NASL", "EULEROS_SA-2017-1217.NASL", "EULEROS_SA-2017-1218.NASL", "EULEROS_SA-2017-1254.NASL", "EULEROS_SA-2017-1255.NASL", "EULEROS_SA-2017-1265.NASL", "EULEROS_SA-2017-1266.NASL", "EULEROS_SA-2017-1269.NASL", "EULEROS_SA-2017-1270.NASL", "EULEROS_SA-2017-1272.NASL", "EULEROS_SA-2017-1273.NASL", "EULEROS_SA-2017-1330.NASL", "EULEROS_SA-2017-1331.NASL", "EULEROS_SA-2018-1003.NASL", "EULEROS_SA-2018-1004.NASL", "EULEROS_SA-2018-1104.NASL", "EULEROS_SA-2018-1105.NASL", "EULEROS_SA-2018-1109.NASL", "EULEROS_SA-2018-1110.NASL", "EULEROS_SA-2018-1117.NASL", "EULEROS_SA-2018-1118.NASL", "EULEROS_SA-2018-1155.NASL", "EULEROS_SA-2018-1189.NASL", "EULEROS_SA-2018-1203.NASL", "EULEROS_SA-2018-1330.NASL", "EULEROS_SA-2018-1334.NASL", "EULEROS_SA-2018-1335.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2018-1420.NASL", "EULEROS_SA-2018-1446.NASL", "EULEROS_SA-2019-1007.NASL", "EULEROS_SA-2019-1009.NASL", "EULEROS_SA-2019-1034.NASL", "EULEROS_SA-2019-1082.NASL", "EULEROS_SA-2019-1162.NASL", "EULEROS_SA-2019-1185.NASL", "EULEROS_SA-2019-1201.NASL", "EULEROS_SA-2019-1211.NASL", "EULEROS_SA-2019-1237.NASL", "EULEROS_SA-2019-1240.NASL", "EULEROS_SA-2019-1311.NASL", "EULEROS_SA-2019-1312.NASL", "EULEROS_SA-2019-1385.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1413.NASL", "EULEROS_SA-2019-1417.NASL", "EULEROS_SA-2019-1420.NASL", "EULEROS_SA-2019-1443.NASL", "EULEROS_SA-2019-1540.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1549.NASL", "EULEROS_SA-2019-1750.NASL", "EULEROS_SA-2019-2006.NASL", "EULEROS_SA-2019-2153.NASL", "EULEROS_SA-2019-2205.NASL", "EULEROS_SA-2019-2390.NASL", "EULEROS_SA-2019-2466.NASL", "EULEROS_SA-2020-1106.NASL", "EULEROS_SA-2020-1189.NASL", "EULEROS_SA-2020-1454.NASL", "EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1568.NASL", "EULEROS_SA-2020-2099.NASL", "EULEROS_SA-2021-1060.NASL", "EULEROS_SA-2021-1180.NASL", "EULEROS_SA-2021-1283.NASL", "EULEROS_SA-2021-1393.NASL", "EULEROS_SA-2021-1464.NASL", "EULEROS_SA-2021-1671.NASL", "EULEROS_SA-2021-1813.NASL", "EULEROS_SA-2021-2360.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "FEDORA_2016-3E64B32A91.NASL", "FEDORA_2016-821F013CB1.NASL", "FEDORA_2016-C93D49FAF3.NASL", "FEDORA_2017-0C062324CD.NASL", "FEDORA_2017-10FBCE01EC.NASL", "FEDORA_2017-1D1A38BDD1.NASL", "FEDORA_2017-2008FDD7E2.NASL", "FEDORA_2017-22107B1986.NASL", "FEDORA_2017-2FAB3F12C4.NASL", "FEDORA_2017-3B70D0B976.NASL", "FEDORA_2017-45BDF4DACE.NASL", "FEDORA_2017-5115BAF0E6.NASL", "FEDORA_2017-7AE07E9F1F.NASL", "FEDORA_2017-80C6B4D3BE.NASL", "FEDORA_2017-89492F7161.NASL", "FEDORA_2017-8BA7572CFD.NASL", "FEDORA_2017-8CD171F540.NASL", "FEDORA_2017-951B6A78D4.NASL", "FEDORA_2017-A348B32EB5.NASL", "FEDORA_2017-A9C79EED83.NASL", "FEDORA_2017-B1B3AE6666.NASL", "FEDORA_2017-BCDECA9D41.NASL", "FEDORA_2017-C2645AA935.NASL", "FEDORA_2017-C7C3F7ED26.NASL", "FEDORA_2017-D5CF1A55CE.NASL", "FEDORA_2017-DE8A421DCD.NASL", "FEDORA_2017-EA44F172E3.NASL", "FEDORA_2017-F03B04ACBB.NASL", "FEDORA_2017-F0B3231763.NASL", "FEDORA_2017-FA1D8AD61A.NASL", "FEDORA_2017-FB5E227432.NASL", "FEDORA_2018-061BAFE369.NASL", "FEDORA_2018-0EED1BE1C0.NASL", "FEDORA_2018-1A85045C79.NASL", "FEDORA_2018-1B4F1158E2.NASL", "FEDORA_2018-1C5DADA34B.NASL", "FEDORA_2018-2F696A3BE3.NASL", "FEDORA_2018-39E0872379.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-49651B2236.NASL", "FEDORA_2018-66C96E0024.NASL", "FEDORA_2018-76AFAF1961.NASL", "FEDORA_2018-8877B4CCAC.NASL", "FEDORA_2018-9490B422E7.NASL", "FEDORA_2018-9D667BDFF8.NASL", "FEDORA_2018-AAFDBB5554.NASL", "FEDORA_2018-BC65AB5014.NASL", "FEDORA_2018-C0D3DB441F.NASL", "FEDORA_2018-DEF329F680.NASL", "FEDORA_2018-E08D828ED9.NASL", "FEDORA_2018-F26D891469.NASL", "FEDORA_2018-FAFF5F661E.NASL", "FEDORA_2019-2E385F97E2.NASL", "FREEBSD_PKG_09849E71BB1211E783573065EC6F3643.NASL", "FREEBSD_PKG_1D33CDEE7F6B11E7A9B53DEBB10A6871.NASL", "FREEBSD_PKG_1D951E85FFDB11E78B91E8E0B747A45A.NASL", "FREEBSD_PKG_22F28BB38D9811E78C37E8E0B747A45A.NASL", "FREEBSD_PKG_301A01B7D50E11E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_6E80BD9B7E9B11E7ABFE90E2BAA3BAFC.NASL", "FREEBSD_PKG_7943794F707F4E319FEA3BBF1DDCEDC1.NASL", "FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL", "FREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL", "FREEBSD_PKG_B0628E53092A4037938B29805A7CD31B.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_D9E82328A12911E7987E4F174049B30A.NASL", "FREEBSD_PKG_DDECDE18E33B11E7A29354E1AD3D6335.NASL", "FREEBSD_PKG_ED3BF4335D9211E7AA14E8E0B747A45A.NASL", "FREEBSD_PKG_F4D638B9E6E54DBE8C70571DBC116174.NASL", "GENTOO_GLSA-201709-09.NASL", "GENTOO_GLSA-201709-10.NASL", "GENTOO_GLSA-201709-18.NASL", "GENTOO_GLSA-201709-27.NASL", "GENTOO_GLSA-201710-11.NASL", "GENTOO_GLSA-201710-31.NASL", "GENTOO_GLSA-201711-06.NASL", "GENTOO_GLSA-201711-14.NASL", "GENTOO_GLSA-201712-04.NASL", "GENTOO_GLSA-201801-03.NASL", "GENTOO_GLSA-201801-04.NASL", "GENTOO_GLSA-201803-12.NASL", "GENTOO_GLSA-201804-04.NASL", "GENTOO_GLSA-201811-13.NASL", "GENTOO_GLSA-201811-21.NASL", "GENTOO_GLSA-202007-53.NASL", "GIT_FOR_WINDOWS_2_14_1.NASL", "GOOGLE_CHROME_63_0_3239_84.NASL", "IBM_JAVA_2017_10_17.NASL", "IBM_TEM_9_5_10.NASL", "MACOSX_GOOGLE_CHROME_63_0_3239_84.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOSX_SECUPD2018-002.NASL", "MACOSX_XCODE_9.NASL", "MACOS_10_13_2.NASL", "MACOS_10_13_3.NASL", "MACOS_10_13_4.NASL", "MACOS_FIREFOX_52_7_2_ESR.NASL", "MACOS_FIREFOX_59_0_1.NASL", "MOZILLA_FIREFOX_52_7_2_ESR.NASL", "MOZILLA_FIREFOX_59_0_1.NASL", "MYSQL_5_6_41_RPM.NASL", "MYSQL_5_7_23.NASL", "MYSQL_5_7_23_RPM.NASL", "MYSQL_8_0_12.NASL", "MYSQL_8_0_12_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_4_8.NASL", "NEWSTART_CGSL_NS-SA-2019-0003_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0011_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2019-0017_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2019-0026_LIBVORBIS.NASL", "NEWSTART_CGSL_NS-SA-2019-0039_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0066_OVMF.NASL", "NEWSTART_CGSL_NS-SA-2019-0116_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0119_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0120_GIT.NASL", "NEWSTART_CGSL_NS-SA-2019-0122_LIBVORBIS.NASL", "NEWSTART_CGSL_NS-SA-2019-0124_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2019-0126_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2019-0171_CURL.NASL", "NEWSTART_CGSL_NS-SA-2019-0182_CURL.NASL", "NEWSTART_CGSL_NS-SA-2020-0060_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2020-0091_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2021-0053_GLIBC.NASL", "NUTANIX_NXSA-AOS-5_10_9.NASL", "NUTANIX_NXSA-AOS-5_11_2.NASL", "NUTANIX_NXSA-AOS-5_16.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "OPENSSL_1_0_2O.NASL", "OPENSSL_1_1_0H.NASL", "OPENSUSE-2016-887.NASL", "OPENSUSE-2017-1115.NASL", "OPENSUSE-2017-1167.NASL", "OPENSUSE-2017-1210.NASL", "OPENSUSE-2017-1269.NASL", "OPENSUSE-2017-1304.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1349.NASL", "OPENSUSE-2017-1413.NASL", "OPENSUSE-2017-796.NASL", "OPENSUSE-2017-939.NASL", "OPENSUSE-2017-940.NASL", "OPENSUSE-2017-941.NASL", "OPENSUSE-2017-988.NASL", "OPENSUSE-2018-117.NASL", "OPENSUSE-2018-14.NASL", "OPENSUSE-2018-154.NASL", "OPENSUSE-2018-196.NASL", "OPENSUSE-2018-278.NASL", "OPENSUSE-2018-299.NASL", "OPENSUSE-2018-308.NASL", "OPENSUSE-2018-313.NASL", "OPENSUSE-2018-361.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-517.NASL", "OPENSUSE-2018-56.NASL", "OPENSUSE-2018-807.NASL", "OPENSUSE-2018-823.NASL", "OPENSUSE-2018-844.NASL", "OPENSUSE-2018-938.NASL", "OPENSUSE-2018-997.NASL", "OPENSUSE-2019-1510.NASL", "OPENSUSE-2019-563.NASL", "OPENSUSE-2022-0135-1.NASL", "ORACLELINUX_ELSA-2016-2590.NASL", "ORACLELINUX_ELSA-2017-2480.NASL", "ORACLELINUX_ELSA-2017-2484.NASL", "ORACLELINUX_ELSA-2017-2485.NASL", "ORACLELINUX_ELSA-2017-2489.NASL", "ORACLELINUX_ELSA-2017-2998.NASL", "ORACLELINUX_ELSA-2017-3075.NASL", "ORACLELINUX_ELSA-2017-3392.NASL", "ORACLELINUX_ELSA-2018-0549.NASL", "ORACLELINUX_ELSA-2018-0647.NASL", "ORACLELINUX_ELSA-2018-0648.NASL", "ORACLELINUX_ELSA-2018-0649.NASL", "ORACLELINUX_ELSA-2018-1058.NASL", "ORACLELINUX_ELSA-2018-3090.NASL", "ORACLELINUX_ELSA-2018-3157.NASL", "ORACLELINUX_ELSA-2018-3221.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "ORACLEVM_OVMSA-2018-0030.NASL", "ORACLEVM_OVMSA-2018-0031.NASL", "ORACLEVM_OVMSA-2019-0040.NASL", "ORACLE_ENTERPRISE_MANAGER_OCT_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2018.NASL", "ORACLE_JAVA_CPU_OCT_2017.NASL", "ORACLE_JAVA_CPU_OCT_2017_UNIX.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JUL_2018.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_JUL_2018.NASL", "PALO_ALTO_PAN-SA-2018-0015.NASL", "PFSENSE_2_3_5.NASL", "PHOTONOS_PHSA-2016-0013.NASL", "PHOTONOS_PHSA-2016-0013_DHCP.NASL", "PHOTONOS_PHSA-2017-0031.NASL", "PHOTONOS_PHSA-2017-0031_SUBVERSION.NASL", "PHOTONOS_PHSA-2017-0037.NASL", "PHOTONOS_PHSA-2017-0037_PERL.NASL", "PHOTONOS_PHSA-2017-0037_RUBY.NASL", "PHOTONOS_PHSA-2017-0038.NASL", "PHOTONOS_PHSA-2017-0040.NASL", "PHOTONOS_PHSA-2017-0040_OPENJDK.NASL", "PHOTONOS_PHSA-2017-0040_OPENJRE.NASL", "PHOTONOS_PHSA-2017-0044.NASL", "PHOTONOS_PHSA-2017-0044_SYSTEMD.NASL", "PHOTONOS_PHSA-2017-0045.NASL", "PHOTONOS_PHSA-2017-0045_SYSTEMD.NASL", "PHOTONOS_PHSA-2017-0046.NASL", "PHOTONOS_PHSA-2017-0046_WGET.NASL", "PHOTONOS_PHSA-2017-0047.NASL", "PHOTONOS_PHSA-2017-0047_WGET.NASL", "PHOTONOS_PHSA-2018-1_0-0108.NASL", "PHOTONOS_PHSA-2018-1_0-0108_CURL.NASL", "PHOTONOS_PHSA-2018-1_0-0124.NASL", "PHOTONOS_PHSA-2018-1_0-0124_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0009.NASL", "PHOTONOS_PHSA-2018-2_0-0009_GLIBC.NASL", "PHOTONOS_PHSA-2018-2_0-0016.NASL", "PHOTONOS_PHSA-2018-2_0-0016_CURL.NASL", "REDHAT-ISC-DHCP-CVE-2016-2774.NASL", "REDHAT-RHSA-2016-2590.NASL", "REDHAT-RHSA-2017-2480.NASL", "REDHAT-RHSA-2017-2484.NASL", "REDHAT-RHSA-2017-2485.NASL", "REDHAT-RHSA-2017-2489.NASL", "REDHAT-RHSA-2017-2674.NASL", "REDHAT-RHSA-2017-2998.NASL", "REDHAT-RHSA-2017-2999.NASL", "REDHAT-RHSA-2017-3046.NASL", "REDHAT-RHSA-2017-3047.NASL", "REDHAT-RHSA-2017-3075.NASL", "REDHAT-RHSA-2017-3264.NASL", "REDHAT-RHSA-2017-3267.NASL", "REDHAT-RHSA-2017-3268.NASL", "REDHAT-RHSA-2017-3392.NASL", "REDHAT-RHSA-2017-3401.NASL", "REDHAT-RHSA-2017-3453.NASL", "REDHAT-RHSA-2018-0549.NASL", "REDHAT-RHSA-2018-0647.NASL", "REDHAT-RHSA-2018-0648.NASL", "REDHAT-RHSA-2018-0649.NASL", "REDHAT-RHSA-2018-1058.NASL", "REDHAT-RHSA-2018-3090.NASL", "REDHAT-RHSA-2018-3157.NASL", "REDHAT-RHSA-2018-3221.NASL", "REDHAT-RHSA-2019-0367.NASL", "REDHAT-RHSA-2019-1711.NASL", "REDHAT-RHSA-2020-0544.NASL", "REDHAT-RHSA-2020-0594.NASL", "REDHAT-RHSA-2020-1190.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2017-180-04.NASL", "SLACKWARE_SSA_2017-213-01.NASL", "SLACKWARE_SSA_2017-223-01.NASL", "SLACKWARE_SSA_2017-223-03.NASL", "SLACKWARE_SSA_2017-223-04.NASL", "SLACKWARE_SSA_2017-261-02.NASL", "SLACKWARE_SSA_2017-300-02.NASL", "SLACKWARE_SSA_2017-333-01.NASL", "SLACKWARE_SSA_2017-333-03.NASL", "SLACKWARE_SSA_2018-074-01.NASL", "SLACKWARE_SSA_2018-076-01.NASL", "SLACKWARE_SSA_2018-087-01.NASL", "SL_20161103_DHCP_ON_SL7_X.NASL", "SL_20170816_SUBVERSION_ON_SL7_X.NASL", "SL_20170817_GIT_ON_SL6_X.NASL", "SL_20170817_GIT_ON_SL7_X.NASL", "SL_20170817_MERCURIAL_ON_SL7_X.NASL", "SL_20171020_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20171026_WGET_ON_SL7_X.NASL", "SL_20171206_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180319_FIREFOX_ON_SL6_X.NASL", "SL_20180405_LIBVORBIS_ON_SL6_X.NASL", "SL_20180405_THUNDERBIRD_ON_SL6_X.NASL", "SL_20180405_THUNDERBIRD_ON_SL7_X.NASL", "SL_20180410_LIBVORBIS_ON_SL7_X.NASL", "SL_20181030_CURL_AND_NSS_PEM_ON_SL7_X.NASL", "SL_20181030_OPENSSL_ON_SL7_X.NASL", "SL_20181030_OVMF_ON_ON_SL7_X.NASL", "SL_20200407_LIBXML2_ON_SL7_X.NASL", "SUSE_SU-2016-1692-1.NASL", "SUSE_SU-2016-1735-1.NASL", "SUSE_SU-2016-1791-1.NASL", "SUSE_SU-2016-2024-1.NASL", "SUSE_SU-2017-1793-1.NASL", "SUSE_SU-2017-1794-1.NASL", "SUSE_SU-2017-1866-1.NASL", "SUSE_SU-2017-1886-1.NASL", "SUSE_SU-2017-2320-1.NASL", "SUSE_SU-2017-2747-1.NASL", "SUSE_SU-2017-2871-2.NASL", "SUSE_SU-2017-2989-1.NASL", "SUSE_SU-2017-3092-1.NASL", "SUSE_SU-2017-3214-1.NASL", "SUSE_SU-2017-3235-1.NASL", "SUSE_SU-2017-3369-1.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "SUSE_SU-2017-3411-1.NASL", "SUSE_SU-2017-3440-1.NASL", "SUSE_SU-2017-3455-1.NASL", "SUSE_SU-2018-0005-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0061-1.NASL", "SUSE_SU-2018-0122-1.NASL", "SUSE_SU-2018-0246-1.NASL", "SUSE_SU-2018-0299-1.NASL", "SUSE_SU-2018-0395-1.NASL", "SUSE_SU-2018-0401-1.NASL", "SUSE_SU-2018-0769-1.NASL", "SUSE_SU-2018-0783-1.NASL", "SUSE_SU-2018-0784-1.NASL", "SUSE_SU-2018-0850-1.NASL", "SUSE_SU-2018-0902-1.NASL", "SUSE_SU-2018-0906-1.NASL", "SUSE_SU-2018-0907-1.NASL", "SUSE_SU-2018-0925-1.NASL", "SUSE_SU-2018-0975-1.NASL", "SUSE_SU-2018-1323-1.NASL", "SUSE_SU-2018-1401-1.NASL", "SUSE_SU-2018-1401-2.NASL", "SUSE_SU-2018-1602-1.NASL", "SUSE_SU-2018-2072-1.NASL", "SUSE_SU-2018-2158-1.NASL", "SUSE_SU-2018-2683-1.NASL", "SUSE_SU-2019-1379-1.NASL", "SUSE_SU-2020-0495-1.NASL", "SUSE_SU-2020-0992-1.NASL", "SUSE_SU-2022-0135-1.NASL", "SUSE_SU-2022-0135-2.NASL", "UBUNTU_USN-3309-1.NASL", "UBUNTU_USN-3347-1.NASL", "UBUNTU_USN-3387-1.NASL", "UBUNTU_USN-3388-1.NASL", "UBUNTU_USN-3417-1.NASL", "UBUNTU_USN-3438-1.NASL", "UBUNTU_USN-3464-1.NASL", "UBUNTU_USN-3466-1.NASL", "UBUNTU_USN-3473-1.NASL", "UBUNTU_USN-3478-1.NASL", "UBUNTU_USN-3497-1.NASL", "UBUNTU_USN-3498-1.NASL", "UBUNTU_USN-3501-1.NASL", "UBUNTU_USN-3513-1.NASL", "UBUNTU_USN-3534-1.NASL", "UBUNTU_USN-3545-1.NASL", "UBUNTU_USN-3558-1.NASL", "UBUNTU_USN-3584-1.NASL", "UBUNTU_USN-3586-1.NASL", "UBUNTU_USN-3598-1.NASL", "UBUNTU_USN-3599-1.NASL", "UBUNTU_USN-3604-1.NASL", "UBUNTU_USN-3606-1.NASL", "UBUNTU_USN-3610-1.NASL", "UBUNTU_USN-3611-1.NASL", "UBUNTU_USN-3622-1.NASL", "UBUNTU_USN-3681-1.NASL", "UBUNTU_USN-3733-1.NASL", "UBUNTU_USN-3935-1.NASL", "VIRTUALBOX_5_2_10.NASL", "VIRTUOZZO_VZLSA-2017-2485.NASL", "VIRTUOZZO_VZLSA-2017-2998.NASL", "VIRTUOZZO_VZLSA-2017-3075.NASL", "VIRTUOZZO_VZLSA-2017-3392.NASL", "VMWARE_ESXI_VMSA-2019-0013.NASL", "VMWARE_VMSA-2019-0013.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2018-0733", "OPENSSL:CVE-2018-0739"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107831", "OPENVAS:1361412562310108379", "OPENVAS:1361412562310703861", "OPENVAS:1361412562310703901", "OPENVAS:1361412562310703932", "OPENVAS:1361412562310703934", "OPENVAS:1361412562310703959", "OPENVAS:1361412562310703960", "OPENVAS:1361412562310703963", "OPENVAS:1361412562310703982", "OPENVAS:1361412562310703984", "OPENVAS:1361412562310704008", "OPENVAS:1361412562310704015", "OPENVAS:1361412562310704040", "OPENVAS:1361412562310704048", "OPENVAS:1361412562310704051", "OPENVAS:1361412562310704052", "OPENVAS:1361412562310704059", "OPENVAS:1361412562310704071", "OPENVAS:1361412562310704074", "OPENVAS:1361412562310704086", "OPENVAS:1361412562310704136", "OPENVAS:1361412562310704140", "OPENVAS:1361412562310704143", "OPENVAS:1361412562310704150", "OPENVAS:1361412562310704155", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704158", "OPENVAS:1361412562310807993", "OPENVAS:1361412562310808308", "OPENVAS:1361412562310811706", "OPENVAS:1361412562310811966", "OPENVAS:1361412562310812037", "OPENVAS:1361412562310812047", "OPENVAS:1361412562310812056", "OPENVAS:1361412562310812235", "OPENVAS:1361412562310812236", "OPENVAS:1361412562310812237", "OPENVAS:1361412562310812340", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310813045", "OPENVAS:1361412562310813046", "OPENVAS:1361412562310813047", "OPENVAS:1361412562310813048", "OPENVAS:1361412562310813114", "OPENVAS:1361412562310813302", "OPENVAS:1361412562310813303", "OPENVAS:1361412562310813304", "OPENVAS:1361412562310813712", "OPENVAS:1361412562310813713", "OPENVAS:1361412562310843193", "OPENVAS:1361412562310843235", "OPENVAS:1361412562310843277", "OPENVAS:1361412562310843282", "OPENVAS:1361412562310843305", "OPENVAS:1361412562310843322", "OPENVAS:1361412562310843349", "OPENVAS:1361412562310843351", "OPENVAS:1361412562310843361", "OPENVAS:1361412562310843384", "OPENVAS:1361412562310843385", "OPENVAS:1361412562310843387", "OPENVAS:1361412562310843422", "OPENVAS:1361412562310843440", "OPENVAS:1361412562310843462", "OPENVAS:1361412562310843464", "OPENVAS:1361412562310843476", "OPENVAS:1361412562310843477", "OPENVAS:1361412562310843482", "OPENVAS:1361412562310843483", "OPENVAS:1361412562310843486", "OPENVAS:1361412562310843487", "OPENVAS:1361412562310843489", "OPENVAS:1361412562310843503", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310843608", "OPENVAS:1361412562310843763", "OPENVAS:1361412562310843786", "OPENVAS:1361412562310843963", "OPENVAS:1361412562310851595", "OPENVAS:1361412562310851597", "OPENVAS:1361412562310851605", "OPENVAS:1361412562310851630", "OPENVAS:1361412562310851637", "OPENVAS:1361412562310851646", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851660", "OPENVAS:1361412562310851668", "OPENVAS:1361412562310851679", "OPENVAS:1361412562310851721", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851765", "OPENVAS:1361412562310851840", "OPENVAS:1361412562310851845", "OPENVAS:1361412562310851869", "OPENVAS:1361412562310851888", "OPENVAS:1361412562310852013", "OPENVAS:1361412562310852543", "OPENVAS:1361412562310871705", "OPENVAS:1361412562310871883", "OPENVAS:1361412562310871886", "OPENVAS:1361412562310871887", "OPENVAS:1361412562310871888", "OPENVAS:1361412562310872738", "OPENVAS:1361412562310872819", "OPENVAS:1361412562310872886", "OPENVAS:1361412562310873265", "OPENVAS:1361412562310873272", "OPENVAS:1361412562310873278", "OPENVAS:1361412562310873304", "OPENVAS:1361412562310873321", "OPENVAS:1361412562310873466", "OPENVAS:1361412562310873480", "OPENVAS:1361412562310873500", "OPENVAS:1361412562310873574", "OPENVAS:1361412562310873582", "OPENVAS:1361412562310873617", "OPENVAS:1361412562310873726", "OPENVAS:1361412562310873772", "OPENVAS:1361412562310873888", "OPENVAS:1361412562310873891", "OPENVAS:1361412562310873938", "OPENVAS:1361412562310873950", "OPENVAS:1361412562310873952", "OPENVAS:1361412562310873974", "OPENVAS:1361412562310873977", "OPENVAS:1361412562310874144", "OPENVAS:1361412562310874155", "OPENVAS:1361412562310874182", "OPENVAS:1361412562310874197", "OPENVAS:1361412562310874253", "OPENVAS:1361412562310874256", "OPENVAS:1361412562310874266", "OPENVAS:1361412562310874299", "OPENVAS:1361412562310874300", "OPENVAS:1361412562310874313", "OPENVAS:1361412562310874318", "OPENVAS:1361412562310874349", "OPENVAS:1361412562310874356", "OPENVAS:1361412562310874437", "OPENVAS:1361412562310874438", "OPENVAS:1361412562310874598", "OPENVAS:1361412562310874599", "OPENVAS:1361412562310874712", "OPENVAS:1361412562310874832", "OPENVAS:1361412562310874838", "OPENVAS:1361412562310875045", "OPENVAS:1361412562310875080", "OPENVAS:1361412562310875089", "OPENVAS:1361412562310875947", "OPENVAS:1361412562310882761", "OPENVAS:1361412562310882789", "OPENVAS:1361412562310882790", "OPENVAS:1361412562310882793", "OPENVAS:1361412562310882808", "OPENVAS:1361412562310882816", "OPENVAS:1361412562310882863", "OPENVAS:1361412562310882864", "OPENVAS:1361412562310882866", "OPENVAS:1361412562310882867", "OPENVAS:1361412562310882868", "OPENVAS:1361412562310882902", "OPENVAS:1361412562310890950", "OPENVAS:1361412562310891015", "OPENVAS:1361412562310891052", "OPENVAS:1361412562310891068", "OPENVAS:1361412562310891072", "OPENVAS:1361412562310891080", "OPENVAS:1361412562310891107", "OPENVAS:1361412562310891120", "OPENVAS:1361412562310891144", "OPENVAS:1361412562310891149", "OPENVAS:1361412562310891309", "OPENVAS:1361412562310891319", "OPENVAS:1361412562310891327", "OPENVAS:1361412562310891330", "OPENVAS:1361412562310891368", "OPENVAS:1361412562310891445", "OPENVAS:1361412562310891495", "OPENVAS:1361412562310892003", "OPENVAS:1361412562311220161065", "OPENVAS:1361412562311220171175", "OPENVAS:1361412562311220171176", "OPENVAS:1361412562311220171187", "OPENVAS:1361412562311220171188", "OPENVAS:1361412562311220171217", "OPENVAS:1361412562311220171218", "OPENVAS:1361412562311220171254", "OPENVAS:1361412562311220171255", "OPENVAS:1361412562311220171265", "OPENVAS:1361412562311220171266", "OPENVAS:1361412562311220171269", "OPENVAS:1361412562311220171270", "OPENVAS:1361412562311220171272", "OPENVAS:1361412562311220171273", "OPENVAS:1361412562311220171330", "OPENVAS:1361412562311220171331", "OPENVAS:1361412562311220181003", "OPENVAS:1361412562311220181004", "OPENVAS:1361412562311220181104", "OPENVAS:1361412562311220181105", "OPENVAS:1361412562311220181109", "OPENVAS:1361412562311220181110", "OPENVAS:1361412562311220181117", "OPENVAS:1361412562311220181118", "OPENVAS:1361412562311220181155", "OPENVAS:1361412562311220181189", "OPENVAS:1361412562311220181203", "OPENVAS:1361412562311220181330", "OPENVAS:1361412562311220181334", "OPENVAS:1361412562311220181335", "OPENVAS:1361412562311220181392", "OPENVAS:1361412562311220181420", "OPENVAS:1361412562311220181446", "OPENVAS:1361412562311220191007", "OPENVAS:1361412562311220191009", "OPENVAS:1361412562311220191034", "OPENVAS:1361412562311220191082", "OPENVAS:1361412562311220191162", "OPENVAS:1361412562311220191185", "OPENVAS:1361412562311220191201", "OPENVAS:1361412562311220191211", "OPENVAS:1361412562311220191237", "OPENVAS:1361412562311220191240", "OPENVAS:1361412562311220191311", "OPENVAS:1361412562311220191312", "OPENVAS:1361412562311220191385", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191413", "OPENVAS:1361412562311220191417", "OPENVAS:1361412562311220191420", "OPENVAS:1361412562311220191443", "OPENVAS:1361412562311220191540", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191549", "OPENVAS:1361412562311220191750", "OPENVAS:1361412562311220192006", "OPENVAS:1361412562311220192153", "OPENVAS:1361412562311220192205", "OPENVAS:1361412562311220192390", "OPENVAS:1361412562311220192466", "OPENVAS:1361412562311220201106", "OPENVAS:1361412562311220201189", "OPENVAS:1361412562311220201454", "OPENVAS:1361412562311220201498", "OPENVAS:1361412562311220201568", "OPENVAS:703861", "OPENVAS:703901"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2590", "ELSA-2017-2480", "ELSA-2017-2484", "ELSA-2017-2485", "ELSA-2017-2489", "ELSA-2017-2998", "ELSA-2017-3075", "ELSA-2017-3392", "ELSA-2018-0549", "ELSA-2018-0647", "ELSA-2018-0648", "ELSA-2018-0649", "ELSA-2018-1058", "ELSA-2018-3052", "ELSA-2018-3090", "ELSA-2018-3157", "ELSA-2018-3221", "ELSA-2018-4228", "ELSA-2018-4229", "ELSA-2018-4267", "ELSA-2019-2471", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2020-1190", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-1015-1", "OSV:DLA-1052-1", "OSV:DLA-1068-1", "OSV:DLA-1072-1", "OSV:DLA-1080-1", "OSV:DLA-1107-1", "OSV:DLA-1120-1", "OSV:DLA-1144-1", "OSV:DLA-1149-1", "OSV:DLA-1187-1", "OSV:DLA-1201-1", "OSV:DLA-1209-1", "OSV:DLA-1211-1", "OSV:DLA-1309-1", "OSV:DLA-1319-1", "OSV:DLA-1327-1", "OSV:DLA-1330-1", "OSV:DLA-1368-1", "OSV:DLA-1445-1", "OSV:DLA-1445-2", "OSV:DLA-1445-3", "OSV:DLA-1495-1", "OSV:DLA-2003-1", "OSV:DLA-2559-1", "OSV:DLA-950-1", "OSV:DSA-3861-1", "OSV:DSA-3901-1", "OSV:DSA-3932-1", "OSV:DSA-3934-1", "OSV:DSA-3959-1", "OSV:DSA-3960-1", "OSV:DSA-3963-1", "OSV:DSA-3982-1", "OSV:DSA-3984-1", "OSV:DSA-4008-1", "OSV:DSA-4015-1", "OSV:DSA-4040-1", "OSV:DSA-4048-1", "OSV:DSA-4051-1", "OSV:DSA-4052-1", "OSV:DSA-4059-1", "OSV:DSA-4071-1", "OSV:DSA-4074-1", "OSV:DSA-4086-1", "OSV:DSA-4136-1", "OSV:DSA-4140-1", "OSV:DSA-4143-1", "OSV:DSA-4150-1", "OSV:DSA-4155-1", "OSV:DSA-4157-1", "OSV:DSA-4158-1", "OSV:PYSEC-2017-12", "OSV:PYSEC-2017-89"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143965", "PACKETSTORM:153278", "PACKETSTORM:154361", "PACKETSTORM:156729", "PACKETSTORM:158990", "PACKETSTORM:159064", "PACKETSTORM:160933", "PACKETSTORM:163889", "PACKETSTORM:167552"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2016-0013", "PHSA-2017-0002", "PHSA-2017-0003", "PHSA-2017-0045", "PHSA-2017-0046", "PHSA-2017-0047", "PHSA-2017-0065", "PHSA-2017-0076", "PHSA-2017-0078", "PHSA-2017-0080", "PHSA-2017-0084", "PHSA-2017-0087", "PHSA-2018-0009", "PHSA-2018-0016", "PHSA-2018-0124", "PHSA-2018-1.0-0108", "PHSA-2018-1.0-0124", "PHSA-2018-2.0-0016", "PHSA-2019-0208", "PHSA-2020-0288"]}, {"type": "redhat", "idList": ["RHSA-2016:2590", "RHSA-2017:2480", "RHSA-2017:2484", "RHSA-2017:2485", "RHSA-2017:2489", "RHSA-2017:2491", "RHSA-2017:2674", "RHSA-2017:2675", "RHSA-2017:2998", "RHSA-2017:2999", "RHSA-2017:3046", "RHSA-2017:3047", "RHSA-2017:3075", "RHSA-2017:3264", "RHSA-2017:3267", "RHSA-2017:3268", "RHSA-2017:3392", "RHSA-2017:3401", "RHSA-2017:3453", "RHSA-2018:0287", "RHSA-2018:0549", "RHSA-2018:0647", "RHSA-2018:0648", "RHSA-2018:0649", "RHSA-2018:1058", "RHSA-2018:3090", "RHSA-2018:3157", "RHSA-2018:3221", "RHSA-2018:3505", "RHSA-2018:3558", "RHSA-2019:0366", "RHSA-2019:0367", "RHSA-2019:1543", "RHSA-2019:1711", "RHSA-2019:1712", "RHSA-2020:0544", "RHSA-2020:0594", "RHSA-2020:1190"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-0379", "RH:CVE-2017-1000116", "RH:CVE-2017-1000117", "RH:CVE-2017-10285", "RH:CVE-2017-12883", "RH:CVE-2017-13089", "RH:CVE-2017-14176", "RH:CVE-2017-14867", "RH:CVE-2017-15412", "RH:CVE-2017-15422", "RH:CVE-2017-15908", "RH:CVE-2017-16228", "RH:CVE-2017-16544", "RH:CVE-2017-16546", "RH:CVE-2017-16612", "RH:CVE-2017-17426", "RH:CVE-2017-5563", "RH:CVE-2017-6891", "RH:CVE-2017-7526", "RH:CVE-2017-8816", "RH:CVE-2017-9800", "RH:CVE-2018-0733", "RH:CVE-2018-0739", "RH:CVE-2018-1000122", "RH:CVE-2018-14618", "RH:CVE-2018-5146"]}, {"type": "seebug", "idList": ["SSV:96344", "SSV:96839"]}, {"type": "slackware", "idList": ["SSA-2017-180-04", "SSA-2017-213-01", "SSA-2017-223-01", "SSA-2017-223-03", "SSA-2017-223-04", "SSA-2017-261-02", "SSA-2017-300-02", "SSA-2017-333-01", "SSA-2017-333-03", "SSA-2018-074-01", "SSA-2018-076-01", "SSA-2018-087-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2182-1", "OPENSUSE-SU-2017:2183-1", "OPENSUSE-SU-2017:2331-1", "OPENSUSE-SU-2017:2757-1", "OPENSUSE-SU-2017:2884-1", "OPENSUSE-SU-2017:2998-1", "OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3244-1", "OPENSUSE-SU-2017:3245-1", "OPENSUSE-SU-2017:3420-1", "OPENSUSE-SU-2018:0042-1", "OPENSUSE-SU-2018:0737-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:1422-1", "OPENSUSE-SU-2018:2208-1", "OPENSUSE-SU-2018:2238-1", "OPENSUSE-SU-2018:2293-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2018:2695-1", "OPENSUSE-SU-2019:1510-1", "OPENSUSE-SU-2022:0135-1", "SUSE-SU-2017:2163-1", "SUSE-SU-2017:2200-1", "SUSE-SU-2017:2225-1", "SUSE-SU-2017:2320-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:2717-1", "SUSE-SU-2017:2747-1", "SUSE-SU-2017:2871-1", "SUSE-SU-2017:2871-2", "SUSE-SU-2017:2989-1", "SUSE-SU-2017:3235-1", "SUSE-SU-2017:3369-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1", "SUSE-SU-2017:3411-1", "SUSE-SU-2017:3435-1", "SUSE-SU-2017:3440-1", "SUSE-SU-2017:3455-1", "SUSE-SU-2018:0005-1", "SUSE-SU-2018:0061-1", "SUSE-SU-2018:0902-1", "SUSE-SU-2018:0905-1", "SUSE-SU-2018:0906-1", "SUSE-SU-2018:0975-1"]}, {"type": "symantec", "idList": ["SMNTC-1443"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:CD366D42A4CB022576F8FB2BF3113246"]}, {"type": "threatpost", "idList": ["THREATPOST:7F952A5C9FB73767CD942589BD5851C7", "THREATPOST:8164B0E157D8D49EF50B0DC113581ABD", "THREATPOST:E76EE3C3FB52208A4FB2A662365D19F7"]}, {"type": "ubuntu", "idList": ["USN-3309-1", "USN-3309-2", "USN-3347-1", "USN-3347-2", "USN-3387-1", "USN-3388-1", "USN-3388-2", "USN-3411-2", "USN-3417-1", "USN-3438-1", "USN-3464-1", "USN-3464-2", "USN-3466-1", "USN-3473-1", "USN-3478-1", "USN-3478-2", "USN-3497-1", "USN-3498-1", "USN-3501-1", "USN-3513-1", "USN-3513-2", "USN-3534-1", "USN-3545-1", "USN-3558-1", "USN-3584-1", "USN-3586-1", "USN-3598-1", "USN-3598-2", "USN-3599-1", "USN-3604-1", "USN-3606-1", "USN-3610-1", "USN-3611-1", "USN-3611-2", "USN-3622-1", "USN-3681-1", "USN-3733-1", "USN-3733-2", "USN-3935-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-2774", "UB:CVE-2017-0379", "UB:CVE-2017-1000116", "UB:CVE-2017-1000117", "UB:CVE-2017-10285", "UB:CVE-2017-12883", "UB:CVE-2017-12976", "UB:CVE-2017-13089", "UB:CVE-2017-14176", "UB:CVE-2017-14867", "UB:CVE-2017-15412", "UB:CVE-2017-15422", "UB:CVE-2017-15650", "UB:CVE-2017-15908", "UB:CVE-2017-16228", "UB:CVE-2017-16544", "UB:CVE-2017-16546", "UB:CVE-2017-16612", "UB:CVE-2017-17426", "UB:CVE-2017-17459", "UB:CVE-2017-17512", "UB:CVE-2017-5563", "UB:CVE-2017-6891", "UB:CVE-2017-7526", "UB:CVE-2017-8816", "UB:CVE-2017-9117", "UB:CVE-2017-9800", "UB:CVE-2018-0733", "UB:CVE-2018-0739", "UB:CVE-2018-1000122", "UB:CVE-2018-14618", "UB:CVE-2018-5146", "UB:CVE-2018-5147"]}, {"type": "veracode", "idList": ["VERACODE:25248", "VERACODE:25282", "VERACODE:25285", "VERACODE:25293", "VERACODE:25321", "VERACODE:25325", "VERACODE:25346", "VERACODE:28258"]}, {"type": "vmware", "idList": ["VMSA-2019-0013", "VMSA-2019-0013.1"]}, {"type": "zdi", "idList": ["ZDI-17-923", "ZDI-18-263"]}, {"type": "zdt", "idList": ["1337DAY-ID-28268", "1337DAY-ID-28453", "1337DAY-ID-29067", "1337DAY-ID-36662", "1337DAY-ID-37806"]}]}, "score": {"value": 1.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_OCT2017_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2017-882", "ALAS-2017-883", "ALAS-2017-893", "ALAS-2017-916", "ALAS-2017-917", "ALAS-2017-936", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-938", "ALAS-2018-981", "ALAS-2018-995"]}, {"type": "android", "idList": ["ANDROID:CVE-2018-5146"]}, {"type": "androidsecurity", "idList": ["ANDROID:2018-06-01"]}, {"type": "apple", "idList": ["APPLE:444B5944D49C1B1DB2F8D833473A3E28", "APPLE:6B41E03BE95C41152A91DE7584480E16", "APPLE:9E6A815375EBF8214DBB8A7CC0256BBD", "APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B3402276360A8C507F94E26E15D465F4", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:F5ED4B2C8BF2CB139C4753A54898E258", "APPLE:FAE8F6548DA345F4466BB73DD8BE2763", "APPLE:HT208103", "APPLE:HT208326", "APPLE:HT208331", "APPLE:HT208465", "APPLE:HT208692", "APPLE:HT208693", "APPLE:HT208696", "APPLE:HT208698"]}, {"type": "archlinux", "idList": ["ASA-201706-10", "ASA-201706-3", "ASA-201707-1", "ASA-201708-14", "ASA-201708-6", "ASA-201708-7", "ASA-201709-13", "ASA-201709-14", "ASA-201710-28", "ASA-201710-34", "ASA-201711-36", "ASA-201711-37", "ASA-201711-38", "ASA-201711-41", "ASA-201711-42", "ASA-201712-5", "ASA-201803-1", "ASA-201803-12", "ASA-201803-13", "ASA-201803-15", "ASA-201803-16", "ASA-201803-17", "ASA-201803-18", "ASA-201803-19", "ASA-201803-2", "ASA-201803-20", "ASA-201803-21", "ASA-201803-22"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-10593"]}, {"type": "centos", "idList": ["CESA-2017:2480", "CESA-2017:2484", "CESA-2017:2485", "CESA-2017:2489", "CESA-2017:2998", "CESA-2017:3075", "CESA-2017:3392"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0364", "CPAI-2018-0508"]}, {"type": "chrome", "idList": ["GCSA-6993857189147290065"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:23B1515F8D5457421D7BC84DE82AEE7A", "CFOUNDRY:3607F073AC0C0689C426D68F1CF8129C", "CFOUNDRY:9552DBD3D0A554043D3D1889155F0A00", "CFOUNDRY:B92BE0D66798E831F55CF2D88AA976E4", "CFOUNDRY:C35A6FAC24A991475775DAEC1BA5FB2D", "CFOUNDRY:C94493DDE348FDF28E8866771E34ED7C", "CFOUNDRY:F32EC67CB8EF3A5AC3DF32865AAB787D"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2016-2774", "CVE-2017-0379", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-10285", "CVE-2017-12883", "CVE-2017-13089", "CVE-2017-14176", "CVE-2017-14867", "CVE-2017-15650", "CVE-2017-15908", "CVE-2017-16544", "CVE-2017-16612", "CVE-2017-17426", "CVE-2017-17512", "CVE-2017-6891", "CVE-2017-8816", "CVE-2017-9800", "CVE-2018-0733", "CVE-2018-0739"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1015-1:A2F8B", "DEBIAN:DLA-1052-1:8FD73", "DEBIAN:DLA-1068-1:EE3F1", "DEBIAN:DLA-1072-1:C63A2", "DEBIAN:DLA-1080-1:E4894", "DEBIAN:DLA-1120-1:E5021", "DEBIAN:DLA-1144-1:E0FFD", "DEBIAN:DLA-1149-1:08CFA", "DEBIAN:DLA-1187-1:57EAE", "DEBIAN:DLA-1201-1:90536", "DEBIAN:DLA-1209-1:11DCC", "DEBIAN:DLA-1211-1:EA9E0", "DEBIAN:DLA-1309-1:3655B", "DEBIAN:DLA-1319-1:56612", "DEBIAN:DLA-1327-1:CD08B", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1368-1:39537", "DEBIAN:DLA-1495-1:43D4C", "DEBIAN:DLA-950-1:6137B", "DEBIAN:DSA-3861-1:84787", "DEBIAN:DSA-3901-1:195D0", "DEBIAN:DSA-3932-1:A3186", "DEBIAN:DSA-3934-1:D2EA9", "DEBIAN:DSA-3959-1:38ABA", "DEBIAN:DSA-3960-1:29BD6", "DEBIAN:DSA-3963-1:CD9EC", "DEBIAN:DSA-3982-1:97B3E", "DEBIAN:DSA-4008-1:604F8", "DEBIAN:DSA-4015-1:4398C", "DEBIAN:DSA-4040-1:E6366", "DEBIAN:DSA-4048-1:C97BF", "DEBIAN:DSA-4051-1:99280", "DEBIAN:DSA-4052-1:1117D", "DEBIAN:DSA-4059-1:455E2", "DEBIAN:DSA-4071-1:2EA79", "DEBIAN:DSA-4074-1:AED98", "DEBIAN:DSA-4086-1:58F72", "DEBIAN:DSA-4136-1:5B46E", "DEBIAN:DSA-4140-1:DC99A", "DEBIAN:DSA-4143-1:F445E", "DEBIAN:DSA-4150-1:2E864", "DEBIAN:DSA-4155-1:874A1", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4158-1:43C61"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14176", "DEBIANCVE:CVE-2017-16544"]}, {"type": "exploitdb", "idList": ["EDB-ID:42599"]}, {"type": "f5", "idList": ["F5:K20281756", "F5:K45625134", "F5:K46552732", "F5:K62318311"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:046E16076016", "FEDORA:0F54C60BE23D", "FEDORA:1BDBA60874B4", "FEDORA:1C87760F6574", "FEDORA:2051C604DA6B", "FEDORA:2237361FD649", "FEDORA:2E8D96005552", "FEDORA:3EC4162335F8", "FEDORA:41A6660CADCC", "FEDORA:4813E602F5BE", "FEDORA:4C1B66085F97", "FEDORA:4E7B960A8F88", "FEDORA:5750160173C4", "FEDORA:597806048158", "FEDORA:5C8E66094E72", "FEDORA:5CFCF60A5875", "FEDORA:65418606FD9D", "FEDORA:68D44601BD0C", "FEDORA:6B4D86087671", "FEDORA:6D83460153C4", "FEDORA:7016960CADB6", "FEDORA:70A8560478E4", "FEDORA:73956600DD0A", "FEDORA:7AC3560620E6", "FEDORA:7B564604AACC", "FEDORA:8187E60A2920", "FEDORA:83E6960C3522", "FEDORA:855A9625F2AD", "FEDORA:87D78601E81F", "FEDORA:8EA746050C5D", "FEDORA:8FDC7602F058", "FEDORA:919766085AD4", "FEDORA:93899601DD82", "FEDORA:94054604BB3C", "FEDORA:94740605F8FC", "FEDORA:9543060799F0", "FEDORA:9AA94604D744", "FEDORA:A65EF601DD8C", "FEDORA:A9F06601B24A", "FEDORA:ACC466324C7C", "FEDORA:AD05E6076A12", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B98866076020", "FEDORA:BFACF60A35B3", "FEDORA:BFD6D6095533", "FEDORA:C2FD06087D91", "FEDORA:C42316075EE2", "FEDORA:C9F7960754A8", "FEDORA:CAFF160478EB", "FEDORA:CB0976087487", "FEDORA:DA00060CFA9B", "FEDORA:E1BA960799FC", "FEDORA:EC7F86046254", "FEDORA:ECE8A60C25DB", "FEDORA:F13AD615CE72", "FEDORA:F2FCA60C94C8"]}, {"type": "freebsd", "idList": ["09849E71-BB12-11E7-8357-3065EC6F3643", "1D33CDEE-7F6B-11E7-A9B5-3DEBB10A6871", "22F28BB3-8D98-11E7-8C37-E8E0B747A45A", "301A01B7-D50E-11E7-AC58-B499BAEBFEAF", "6E80BD9B-7E9B-11E7-ABFE-90E2BAA3BAFC", "B0628E53-092A-4037-938B-29805A7CD31B", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "D9E82328-A129-11E7-987E-4F174049B30A", "DDECDE18-E33B-11E7-A293-54E1AD3D6335", "ED3BF433-5D92-11E7-AA14-E8E0B747A45A"]}, {"type": "gentoo", "idList": ["GLSA-201709-09", "GLSA-201709-10", "GLSA-201709-18", "GLSA-201709-27", "GLSA-201710-11", "GLSA-201710-31", "GLSA-201712-04", "GLSA-201801-03", "GLSA-201801-04", "GLSA-201803-12"]}, {"type": "hackerone", "idList": ["H1:260005"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0CD92D65217BA19C95B4BF36EC77E046C138F6AB1AD196921ED6297F35FEB8C1", "153C8B988C1EC44C13B0535341913C2F66090DDDFC18D3C49268B9CA9BFFB899", "3EBBC018B9C20064FA93BD55BE600CC6490AE50FA79F34184DC280317D13D2D0", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "6F167D499B2A5EFC5FF37F5C3C59231B209D96D3E83F2F95ED707FF9F72461C9", "949D058C8D46FE2167CE3D6FD2DA4133932AC4110D96EB07B6323F33EFC7785F", "B7E9CE33A8766104CBF43CF1EF0D10747A799C0A2ADF534A80658077B861D8FA", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "F78587255E6EF46DCF6D5A2D005E1C4D58C0A497AB8A85F9D3A5219A4BA349EE", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "ics", "idList": ["ICSA-20-240-01"]}, {"type": "kaspersky", "idList": ["KLA11122", "KLA11152"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_COMMAND_EXEC"]}, {"type": "mozilla", "idList": ["MFSA2018-08"]}, {"type": "myhack58", "idList": ["MYHACK58:62201788524"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1162.NASL", "ALA_ALAS-2017-882.NASL", "ALA_ALAS-2017-883.NASL", "ALA_ALAS-2017-893.NASL", "ALA_ALAS-2017-916.NASL", "ALA_ALAS-2017-917.NASL", "CENTOS_RHSA-2017-2480.NASL", "CENTOS_RHSA-2017-2484.NASL", "CENTOS_RHSA-2017-2485.NASL", "CENTOS_RHSA-2017-2489.NASL", "CENTOS_RHSA-2017-2998.NASL", "CENTOS_RHSA-2017-3075.NASL", "CENTOS_RHSA-2017-3392.NASL", "DEBIAN_DLA-1015.NASL", "DEBIAN_DLA-1052.NASL", "DEBIAN_DLA-1068.NASL", "DEBIAN_DLA-1072.NASL", "DEBIAN_DLA-1080.NASL", "DEBIAN_DLA-1120.NASL", "DEBIAN_DLA-1149.NASL", "DEBIAN_DLA-1187.NASL", "DEBIAN_DLA-1201.NASL", "DEBIAN_DLA-1209.NASL", "DEBIAN_DLA-1211.NASL", "DEBIAN_DLA-950.NASL", "DEBIAN_DSA-3861.NASL", "DEBIAN_DSA-3901.NASL", "DEBIAN_DSA-3932.NASL", "DEBIAN_DSA-3934.NASL", "DEBIAN_DSA-3959.NASL", "DEBIAN_DSA-3960.NASL", "DEBIAN_DSA-3963.NASL", "DEBIAN_DSA-3982.NASL", "DEBIAN_DSA-3984.NASL", "DEBIAN_DSA-4008.NASL", "DEBIAN_DSA-4040.NASL", "DEBIAN_DSA-4048.NASL", "DEBIAN_DSA-4051.NASL", "DEBIAN_DSA-4052.NASL", "DEBIAN_DSA-4059.NASL", "EULEROS_SA-2017-1175.NASL", "EULEROS_SA-2017-1176.NASL", "EULEROS_SA-2017-1187.NASL", "EULEROS_SA-2017-1188.NASL", "EULEROS_SA-2017-1217.NASL", "EULEROS_SA-2017-1218.NASL", "EULEROS_SA-2019-1034.NASL", "EULEROS_SA-2020-1568.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "FEDORA_2017-0C062324CD.NASL", "FEDORA_2017-1D1A38BDD1.NASL", "FEDORA_2017-2008FDD7E2.NASL", "FEDORA_2017-22107B1986.NASL", "FEDORA_2017-3B70D0B976.NASL", "FEDORA_2017-5115BAF0E6.NASL", "FEDORA_2017-89492F7161.NASL", "FEDORA_2017-8BA7572CFD.NASL", "FEDORA_2017-951B6A78D4.NASL", "FEDORA_2017-A348B32EB5.NASL", "FEDORA_2017-B1B3AE6666.NASL", "FEDORA_2017-C7C3F7ED26.NASL", "FEDORA_2017-D5CF1A55CE.NASL", "FEDORA_2017-F03B04ACBB.NASL", "FEDORA_2017-FA1D8AD61A.NASL", "FEDORA_2018-C0D3DB441F.NASL", "FEDORA_2018-E08D828ED9.NASL", "FEDORA_2019-2E385F97E2.NASL", "FREEBSD_PKG_09849E71BB1211E783573065EC6F3643.NASL", "FREEBSD_PKG_1D33CDEE7F6B11E7A9B53DEBB10A6871.NASL", "FREEBSD_PKG_22F28BB38D9811E78C37E8E0B747A45A.NASL", "FREEBSD_PKG_301A01B7D50E11E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_D9E82328A12911E7987E4F174049B30A.NASL", "FREEBSD_PKG_DDECDE18E33B11E7A29354E1AD3D6335.NASL", "FREEBSD_PKG_ED3BF4335D9211E7AA14E8E0B747A45A.NASL", "GENTOO_GLSA-201709-09.NASL", "GENTOO_GLSA-201709-10.NASL", "GENTOO_GLSA-201709-18.NASL", "GENTOO_GLSA-201709-27.NASL", "GENTOO_GLSA-201710-31.NASL", "GENTOO_GLSA-201711-14.NASL", "GENTOO_GLSA-201712-04.NASL", "GENTOO_GLSA-201801-03.NASL", "GENTOO_GLSA-201801-04.NASL", "GIT_FOR_WINDOWS_2_14_1.NASL", "GOOGLE_CHROME_63_0_3239_84.NASL", "MACOSX_GOOGLE_CHROME_63_0_3239_84.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "MACOS_10_13_3.NASL", "MACOS_FIREFOX_59_0_1.NASL", "NEWSTART_CGSL_NS-SA-2019-0120_GIT.NASL", "OPENSUSE-2017-1115.NASL", "OPENSUSE-2017-1167.NASL", "OPENSUSE-2017-1210.NASL", "OPENSUSE-2017-1304.NASL", "OPENSUSE-2017-1346.NASL", "OPENSUSE-2017-1349.NASL", "OPENSUSE-2017-796.NASL", "OPENSUSE-2017-939.NASL", "OPENSUSE-2017-940.NASL", "OPENSUSE-2017-941.NASL", "OPENSUSE-2017-988.NASL", "OPENSUSE-2018-117.NASL", "OPENSUSE-2018-14.NASL", "OPENSUSE-2018-196.NASL", "ORACLELINUX_ELSA-2017-2480.NASL", "ORACLELINUX_ELSA-2017-2484.NASL", "ORACLELINUX_ELSA-2017-2485.NASL", "ORACLELINUX_ELSA-2017-2489.NASL", "ORACLELINUX_ELSA-2017-2998.NASL", "ORACLELINUX_ELSA-2017-3075.NASL", "ORACLELINUX_ELSA-2017-3392.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "PHOTONOS_PHSA-2017-0031_SUBVERSION.NASL", "PHOTONOS_PHSA-2017-0037_PERL.NASL", "PHOTONOS_PHSA-2017-0040_OPENJDK.NASL", "PHOTONOS_PHSA-2017-0040_OPENJRE.NASL", "PHOTONOS_PHSA-2017-0044_SYSTEMD.NASL", "PHOTONOS_PHSA-2017-0045_SYSTEMD.NASL", "PHOTONOS_PHSA-2017-0046_WGET.NASL", "PHOTONOS_PHSA-2017-0047_WGET.NASL", "PHOTONOS_PHSA-2018-1_0-0108_CURL.NASL", "PHOTONOS_PHSA-2018-1_0-0124_CURL.NASL", "PHOTONOS_PHSA-2018-2_0-0009_GLIBC.NASL", "PHOTONOS_PHSA-2018-2_0-0016_CURL.NASL", "REDHAT-RHSA-2017-2480.NASL", "REDHAT-RHSA-2017-2484.NASL", "REDHAT-RHSA-2017-2485.NASL", "REDHAT-RHSA-2017-2489.NASL", "REDHAT-RHSA-2017-2674.NASL", "REDHAT-RHSA-2017-2998.NASL", "REDHAT-RHSA-2017-2999.NASL", "REDHAT-RHSA-2017-3046.NASL", "REDHAT-RHSA-2017-3047.NASL", "REDHAT-RHSA-2017-3075.NASL", "REDHAT-RHSA-2017-3264.NASL", "REDHAT-RHSA-2017-3267.NASL", "REDHAT-RHSA-2017-3268.NASL", "REDHAT-RHSA-2017-3392.NASL", "REDHAT-RHSA-2017-3401.NASL", "REDHAT-RHSA-2017-3453.NASL", "REDHAT-RHSA-2019-0367.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2017-180-04.NASL", "SLACKWARE_SSA_2017-213-01.NASL", "SLACKWARE_SSA_2017-223-01.NASL", "SLACKWARE_SSA_2017-223-03.NASL", "SLACKWARE_SSA_2017-223-04.NASL", "SLACKWARE_SSA_2017-261-02.NASL", "SLACKWARE_SSA_2017-300-02.NASL", "SLACKWARE_SSA_2017-333-01.NASL", "SLACKWARE_SSA_2017-333-03.NASL", "SL_20170816_SUBVERSION_ON_SL7_X.NASL", "SL_20170817_GIT_ON_SL6_X.NASL", "SL_20170817_GIT_ON_SL7_X.NASL", "SL_20170817_MERCURIAL_ON_SL7_X.NASL", "SL_20171020_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20171026_WGET_ON_SL7_X.NASL", "SL_20171206_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SUSE_SU-2017-1793-1.NASL", "SUSE_SU-2017-1794-1.NASL", "SUSE_SU-2017-1886-1.NASL", "SUSE_SU-2017-2320-1.NASL", "SUSE_SU-2017-2747-1.NASL", "SUSE_SU-2017-3092-1.NASL", "SUSE_SU-2017-3214-1.NASL", "SUSE_SU-2017-3369-1.NASL", "SUSE_SU-2017-3378-1.NASL", "SUSE_SU-2017-3388-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0061-1.NASL", "SUSE_SU-2018-0246-1.NASL", "SUSE_SU-2018-0299-1.NASL", "UBUNTU_USN-3309-1.NASL", "UBUNTU_USN-3347-1.NASL", "UBUNTU_USN-3387-1.NASL", "UBUNTU_USN-3417-1.NASL", "UBUNTU_USN-3438-1.NASL", "UBUNTU_USN-3464-1.NASL", "UBUNTU_USN-3466-1.NASL", "UBUNTU_USN-3497-1.NASL", "UBUNTU_USN-3498-1.NASL", "UBUNTU_USN-3501-1.NASL", "UBUNTU_USN-3513-1.NASL", "UBUNTU_USN-3558-1.NASL", "UBUNTU_USN-3584-1.NASL", "UBUNTU_USN-3681-1.NASL", "VIRTUOZZO_VZLSA-2017-3392.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2018-0733"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703932", "OPENVAS:1361412562310703934", "OPENVAS:1361412562310703959", "OPENVAS:1361412562310703960", "OPENVAS:1361412562310703963", "OPENVAS:1361412562310703982", "OPENVAS:1361412562310703984", "OPENVAS:1361412562310704040", "OPENVAS:1361412562310704048", "OPENVAS:1361412562310704051", "OPENVAS:1361412562310704052", "OPENVAS:1361412562310704059", "OPENVAS:1361412562310704150", "OPENVAS:1361412562310807993", "OPENVAS:1361412562310811706", "OPENVAS:1361412562310812037", "OPENVAS:1361412562310812047", "OPENVAS:1361412562310812235", "OPENVAS:1361412562310812236", "OPENVAS:1361412562310812237", "OPENVAS:1361412562310812340", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310843193", "OPENVAS:1361412562310843235", "OPENVAS:1361412562310843277", "OPENVAS:1361412562310843305", "OPENVAS:1361412562310843384", "OPENVAS:1361412562310843385", "OPENVAS:1361412562310843387", "OPENVAS:1361412562310843440", "OPENVAS:1361412562310843462", "OPENVAS:1361412562310843556", "OPENVAS:1361412562310851595", "OPENVAS:1361412562310851597", "OPENVAS:1361412562310851605", "OPENVAS:1361412562310851630", "OPENVAS:1361412562310851657", "OPENVAS:1361412562310851660", "OPENVAS:1361412562310871883", "OPENVAS:1361412562310871886", "OPENVAS:1361412562310871887", "OPENVAS:1361412562310871888", "OPENVAS:1361412562310872738", "OPENVAS:1361412562310872819", "OPENVAS:1361412562310872886", "OPENVAS:1361412562310873265", "OPENVAS:1361412562310873272", "OPENVAS:1361412562310873278", "OPENVAS:1361412562310873304", "OPENVAS:1361412562310873321", "OPENVAS:1361412562310873466", "OPENVAS:1361412562310873617", "OPENVAS:1361412562310873726", "OPENVAS:1361412562310873772", "OPENVAS:1361412562310873888", "OPENVAS:1361412562310873891", "OPENVAS:1361412562310873974", "OPENVAS:1361412562310873977", "OPENVAS:1361412562310874144", "OPENVAS:1361412562310874155", "OPENVAS:1361412562310874712", "OPENVAS:1361412562310882761", "OPENVAS:1361412562310882789", "OPENVAS:1361412562310882790", "OPENVAS:1361412562310882808", "OPENVAS:1361412562310882816", "OPENVAS:1361412562310882863", "OPENVAS:1361412562310882864", "OPENVAS:1361412562310890950", "OPENVAS:1361412562310891015", "OPENVAS:1361412562310891052", "OPENVAS:1361412562310891068", "OPENVAS:1361412562310891072", "OPENVAS:1361412562310891080", "OPENVAS:1361412562310891120", "OPENVAS:1361412562310891144", "OPENVAS:1361412562310891149", "OPENVAS:1361412562310891309", "OPENVAS:1361412562310891319", "OPENVAS:1361412562311220201568", "OPENVAS:703861", "OPENVAS:703901"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018-3678067"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2480", "ELSA-2017-2484", "ELSA-2017-2485", "ELSA-2017-2489", "ELSA-2017-2998", "ELSA-2017-3075", "ELSA-2017-3392", "ELSA-2018-4228", "ELSA-2018-4229"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143965"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2017-0002", "PHSA-2017-0003", "PHSA-2017-0045", "PHSA-2017-0046", "PHSA-2017-0047", "PHSA-2018-0009", "PHSA-2018-1.0-0108", "PHSA-2018-1.0-0124", "PHSA-2018-2.0-0016"]}, {"type": "redhat", "idList": ["RHSA-2017:2491", "RHSA-2017:2675", "RHSA-2018:0287"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-1000122", "RH:CVE-2018-14618", "RH:CVE-2018-5146"]}, {"type": "seebug", "idList": ["SSV:96344", "SSV:96839"]}, {"type": "slackware", "idList": ["SSA-2017-180-04", "SSA-2017-213-01", "SSA-2017-223-01", "SSA-2017-223-03", "SSA-2017-223-04", "SSA-2017-261-02", "SSA-2017-300-02", "SSA-2017-333-01", "SSA-2017-333-03", "SSA-2018-087-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2182-1", "OPENSUSE-SU-2017:2183-1", "OPENSUSE-SU-2017:2331-1", "OPENSUSE-SU-2017:2757-1", "OPENSUSE-SU-2017:2884-1", "OPENSUSE-SU-2017:3223-1", "OPENSUSE-SU-2017:3244-1", "OPENSUSE-SU-2017:3245-1", "OPENSUSE-SU-2017:3420-1", "OPENSUSE-SU-2018:0042-1", "SUSE-SU-2017:2163-1", "SUSE-SU-2017:2225-1", "SUSE-SU-2017:2320-1", "SUSE-SU-2017:2717-1", "SUSE-SU-2017:2871-1", "SUSE-SU-2017:3235-1", "SUSE-SU-2017:3369-1", "SUSE-SU-2017:3378-1", "SUSE-SU-2017:3388-1", "SUSE-SU-2017:3411-1", "SUSE-SU-2018:0061-1"]}, {"type": "symantec", "idList": ["SMNTC-1443"]}, {"type": "tenable", "idList": ["TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:CD366D42A4CB022576F8FB2BF3113246"]}, {"type": "threatpost", "idList": ["THREATPOST:7F952A5C9FB73767CD942589BD5851C7", "THREATPOST:E76EE3C3FB52208A4FB2A662365D19F7"]}, {"type": "ubuntu", "idList": ["USN-3438-1", "USN-3466-1", "USN-3478-2", "USN-3497-1", "USN-3498-1", "USN-3513-1", "USN-3534-1", "USN-3598-1", "USN-3681-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-0733", "UB:CVE-2018-0739", "UB:CVE-2018-1000122", "UB:CVE-2018-5146"]}, {"type": "vmware", "idList": ["VMSA-2019-0013"]}, {"type": "zdi", "idList": ["ZDI-17-923"]}, {"type": "zdt", "idList": ["1337DAY-ID-28268", "1337DAY-ID-29067"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "IBM Cloud Private", "version": 2}]}, "vulnersScore": 1.3}, "_state": {"dependencies": 1662390704, "score": 1662394301, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "7a920eca1aa24d33a10c48f17b73f197"}, "affectedSoftware": [{"name": "IBM Cloud Private", "version": "2.1.0", "operator": "eq"}]}

{"hackerone": [{"lastseen": "2023-02-01T04:42:29", "bounty": 3000.0, "description": "I'd like to submit an RCE issue within Git SVN and Mercurial, the CVEs are:\n\n* CVE-2017-9800 (Subversion)\n* CVE-2017-1000116 (Mercurial (hg))\n* CVE-2017-1000117 (Git)\n\nFurther Info can be found at:\n\nhttp://blog.recurity-labs.com/2017-08-10/scm-vulns\n\nAnd product specific:\n\n* https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u\n* http://subversion.apache.org/security/CVE-2017-9800-advisory.txt\n* https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/\n\nI think these issues which all are based on the same flaw could be worth\nan IBB Bounty. However I'd like to point out that we at Recurity Labs\nwould like the bounty being donated to a charity. The to be determined\ncharity will be something in the field of brain aneurysm, this is due to\nthe fact that Felix, the founder of Recurity Labs, currently is\nrecovering from a brain aneurysm.\n\n\nSo, just let us know what you think about this.\n\nCheers,\n\njoern\n\nP.S. I took the CVSS Score from the Subversion Advisory\nthe Redhat advisory states a score of 6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) I guess the truth is somewhere in between.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-14T20:53:18", "type": "hackerone", "title": "Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS ", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2017-09-21T16:21:35", "id": "H1:260005", "href": "https://hackerone.com/reports/260005", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-01T05:42:56", "bounty": 0.0, "description": "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.\n\nReproduction:\nTo reproduce, use two terminals. In the first terminal:\n$ nc -l -p 8080 <wget-stack-smash.reply\nIn the second terminal:\n$ wget http://127.0.0.1:8080/foo\n\nDepending on how wget is compiled, this will either simply segfault or\ncomplain about the stack being smashed (on debian due to being compiled\nthe stack protector.)\n\nExternal links:\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13089\nhttp://www.securityfocus.com/bid/101592\nhttp://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f\nhttp://www.securitytracker.com/id/1039661\nhttps://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-06T09:03:49", "type": "hackerone", "title": "Internet Bug Bounty: CVE-2017-13089 wget stack smash", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2019-11-12T23:45:43", "id": "H1:287666", "href": "https://hackerone.com/reports/287666", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-26T14:35:59", "description": "According to the version of the bzr package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : bzr (EulerOS-SA-2021-1060)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bzr", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/145188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145188);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2017-14176\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : bzr (EulerOS-SA-2021-1060)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bzr package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used,\n allows remote attackers to execute arbitrary commands\n via a bzr+ssh URL with an initial dash character in the\n hostname, a related issue to CVE-2017-9800,\n CVE-2017-12836, CVE-2017-12976, CVE-2017-16228,\n CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1060\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44ce4111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bzr package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bzr-2.5.1-14.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzr\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:34:06", "description": "According to the version of the bzr package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : bzr (EulerOS-SA-2021-1180)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bzr", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1180.NASL", "href": "https://www.tenable.com/plugins/nessus/146151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146151);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2017-14176\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : bzr (EulerOS-SA-2021-1180)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bzr package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used,\n allows remote attackers to execute arbitrary commands\n via a bzr+ssh URL with an initial dash character in the\n hostname, a related issue to CVE-2017-9800,\n CVE-2017-12836, CVE-2017-12976, CVE-2017-16228,\n CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1180\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5579e74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bzr package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bzr-2.5.1-14.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzr\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:35:31", "description": "According to the version of the bzr package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : bzr (EulerOS-SA-2021-1283)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bzr", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1283.NASL", "href": "https://www.tenable.com/plugins/nessus/146767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146767);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2017-14176\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bzr (EulerOS-SA-2021-1283)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bzr package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - Bazaar through 2.7.0, when Subprocess SSH is used,\n allows remote attackers to execute arbitrary commands\n via a bzr+ssh URL with an initial dash character in the\n hostname, a related issue to CVE-2017-9800,\n CVE-2017-12836, CVE-2017-12976, CVE-2017-16228,\n CVE-2017-1000116, and CVE-2017-1000117.(CVE-2017-14176)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1283\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2ddde82\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bzr package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bzr-2.5.1-14.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bzr\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:33:22", "description": "Mercurial Release Notes :\n\nCVE-2017-1000115\n\nMercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.\n\nCVE-2017-1000116\n\nMercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with\n-oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mercurial", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1D33CDEE7F6B11E7A9B53DEBB10A6871.NASL", "href": "https://www.tenable.com/plugins/nessus/102465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102465);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000115\", \"CVE-2017-1000116\");\n\n script_name(english:\"FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mercurial Release Notes :\n\nCVE-2017-1000115\n\nMercurial's symlink auditing was incomplete prior to 4.3, and could be\nabused to write to files outside the repository.\n\nCVE-2017-1000116\n\nMercurial was not sanitizing hostnames passed to ssh, allowing shell\ninjection attacks on clients by specifying a hostname starting with\n-oProxyCommand. This is also present in Git (CVE-2017-1000117) and\nSubversion (CVE-2017-9800), so please patch those tools as well if you\nhave them installed.\"\n );\n # https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?425a5664\"\n );\n # https://vuxml.freebsd.org/freebsd/1d33cdee-7f6b-11e7-a9b5-3debb10a6871.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f656efa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mercurial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mercurial<4.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:33:33", "description": "Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite.\n\nCVE-2017-1000115\n\nMercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.\n\nCVE-2017-1000116\n\nMercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with\n-oProxyCommand. This vulnerability is similar to those in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.2.2-4+deb7u5.\n\nWe recommend that you upgrade your mercurial packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-01T00:00:00", "type": "nessus", "title": "Debian DLA-1072-1 : mercurial security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mercurial", "p-cpe:/a:debian:debian_linux:mercurial-common", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1072.NASL", "href": "https://www.tenable.com/plugins/nessus/102886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1072-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102886);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000115\", \"CVE-2017-1000116\");\n\n script_name(english:\"Debian DLA-1072-1 : mercurial security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two significant vulnerabilities were found in the Mercurial version\ncontrol system which could lead to shell injection attacks and\nout-of-tree file overwrite.\n\nCVE-2017-1000115\n\nMercurial's symlink auditing was incomplete prior to 4.3, and could be\nabused to write to files outside the repository.\n\nCVE-2017-1000116\n\nMercurial was not sanitizing hostnames passed to ssh, allowing shell\ninjection attacks on clients by specifying a hostname starting with\n-oProxyCommand. This vulnerability is similar to those in Git\n(CVE-2017-1000117) and Subversion (CVE-2017-9800).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.2.2-4+deb7u5.\n\nWe recommend that you upgrade your mercurial packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mercurial\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected mercurial, and mercurial-common packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mercurial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mercurial-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"mercurial\", reference:\"2.2.2-4+deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"mercurial-common\", reference:\"2.2.2-4+deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:04", "description": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.20120629+deb7u1.\n\nWe recommend that you upgrade your git-annex packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "Debian DLA-1144-1 : git-annex security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git-annex", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1144.NASL", "href": "https://www.tenable.com/plugins/nessus/104219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1144-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104219);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12976\");\n\n script_name(english:\"Debian DLA-1144-1 : git-annex security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"git-annex before 6.20170818 allows remote attackers to execute\narbitrary commands via an ssh URL with an initial dash character in\nthe hostname, as demonstrated by an ssh://-eProxyCommand= URL, a\nrelated issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and\nCVE-2017-1000117.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.20120629+deb7u1.\n\nWe recommend that you upgrade your git-annex packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/git-annex\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected git-annex package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-annex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"git-annex\", reference:\"3.20120629+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:51", "description": "Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : 1:openssl (2018-49651b2236)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0733", "CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:openssl", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-49651B2236.NASL", "href": "https://www.tenable.com/plugins/nessus/120390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-49651b2236.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120390);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-49651b2236\");\n\n script_name(english:\"Fedora 28 : 1:openssl (2018-49651b2236)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-49651b2236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0733\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"openssl-1.1.0h-2.fc28\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:49:09", "description": "Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected.(CVE-2018-0733)\n\nConstructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-08-24T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2018-1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0733", "CVE-2018-0739"], "modified": "2018-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/112092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1065.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112092);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/08/31 12:25:01\");\n\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_xref(name:\"ALAS\", value:\"2018-1065\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2018-1065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Because of an implementation bug the PA-RISC CRYPTO_memcmp function is\neffectively reduced to only comparing the least significant bit of\neach byte. This allows an attacker to forge messages that would be\nconsidered as authenticated in an amount of tries lower than that\nguaranteed by the security claims of the scheme. The module can only\nbe compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets\nare affected.(CVE-2018-0733)\n\nConstructed ASN.1 types with a recursive definition (such as can be\nfound in PKCS7) could eventually exceed the stack given malicious\ninput with excessive recursion. This could result in a Denial Of\nService attack. There are no such structures used within SSL/TLS that\ncome from untrusted sources so this is considered safe.(CVE-2018-0739)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1065.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.2k-12.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.2k-12.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.2k-12.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.2k-12.110.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.2k-12.110.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:44:35", "description": "Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:openssl (2018-40dc8b8b16)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0733", "CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:openssl", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-40DC8B8B16.NASL", "href": "https://www.tenable.com/plugins/nessus/108775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-40dc8b8b16.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108775);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-40dc8b8b16\");\n\n script_name(english:\"Fedora 26 : 1:openssl (2018-40dc8b8b16)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-40dc8b8b16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"openssl-1.1.0h-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:45:16", "description": "Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-02T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:openssl (2018-76afaf1961)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0733", "CVE-2018-0739"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:openssl", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-76AFAF1961.NASL", "href": "https://www.tenable.com/plugins/nessus/108776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-76afaf1961.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108776);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_xref(name:\"FEDORA\", value:\"2018-76afaf1961\");\n\n script_name(english:\"Fedora 27 : 1:openssl (2018-76afaf1961)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor update to version 1.1.0h.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-76afaf1961\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"openssl-1.1.0h-1.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:49:23", "description": "The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration.\n\nCVE-2017-12976\n\ngit-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.\n\nCVE-2018-10857\n\ngit-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.\n\nCVE-2018-10859\n\ngit-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.20141125+oops-1+deb8u2.\n\nWe recommend that you upgrade your git-annex packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-09-06T00:00:00", "type": "nessus", "title": "Debian DLA-1495-1 : git-annex security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800", "CVE-2018-10857", "CVE-2018-10859"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git-annex", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1495.NASL", "href": "https://www.tenable.com/plugins/nessus/117296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1495-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117296);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12976\", \"CVE-2018-10857\", \"CVE-2018-10859\");\n\n script_name(english:\"Debian DLA-1495-1 : git-annex security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The git-annex package was found to have multiple vulnerabilities when\noperating on untrusted data that could lead to arbitrary command\nexecution and encrypted data exfiltration.\n\nCVE-2017-12976\n\ngit-annex before 6.20170818 allows remote attackers to execute\narbitrary commands via an ssh URL with an initial dash character in\nthe hostname, as demonstrated by an ssh://-eProxyCommand= URL, a\nrelated issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and\nCVE-2017-1000117.\n\nCVE-2018-10857\n\ngit-annex is vulnerable to a private data exposure and exfiltration\nattack. It could expose the content of files located outside the\ngit-annex repository, or content from a private web server on\nlocalhost or the LAN.\n\nCVE-2018-10859\n\ngit-annex is vulnerable to an Information Exposure when decrypting\nfiles. A malicious server for a special remote could trick git-annex\ninto decrypting a file that was encrypted to the user's gpg key. This\nattack could be used to expose encrypted data that was never stored in\ngit-annex\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.20141125+oops-1+deb8u2.\n\nWe recommend that you upgrade your git-annex packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/git-annex\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected git-annex package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-annex\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"git-annex\", reference:\"5.20141125+oops-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:27", "description": "The remote host is affected by the vulnerability described in GLSA-201811-21 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could cause a Denial of Service condition, obtain private keying material, or gain access to sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-11-29T00:00:00", "type": "nessus", "title": "GLSA-201811-21 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0733", "CVE-2018-0737", "CVE-2018-0739"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201811-21.NASL", "href": "https://www.tenable.com/plugins/nessus/119275", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201811-21.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119275);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0737\", \"CVE-2018-0739\");\n script_xref(name:\"GLSA\", value:\"201811-21\");\n\n script_name(english:\"GLSA-201811-21 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201811-21\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could cause a Denial of Service condition, obtain\n private keying material, or gain access to sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201811-21\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.2o'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.2o\"), vulnerable:make_list(\"lt 1.0.2o\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:41:18", "description": "Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a remote attacker to conduct argument-injection attacks if a user is tricked into processing a specially crafted URL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-26T00:00:00", "type": "nessus", "title": "Debian DSA-4071-1 : sensible-utils - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:sensible-utils", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4071.NASL", "href": "https://www.tenable.com/plugins/nessus/105431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4071. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105431);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-17512\");\n script_xref(name:\"DSA\", value:\"4071\");\n\n script_name(english:\"Debian DSA-4071-1 : sensible-utils - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gabriel Corona reported that sensible-browser from sensible-utils, a\ncollection of small utilities used to sensibly select and spawn an\nappropriate browser, editor or pager, does not validate strings before\nlaunching the program specified by the BROWSER environment variable,\npotentially allowing a remote attacker to conduct argument-injection\nattacks if a user is tricked into processing a specially crafted URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881767\"\n );\n # https://security-tracker.debian.org/tracker/source-package/sensible-utils\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92fb073f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/sensible-utils\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/sensible-utils\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4071\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the sensible-utils packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 0.0.9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.0.9+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sensible-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"sensible-utils\", reference:\"0.0.9+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"sensible-utils\", reference:\"0.0.9+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:59", "description": "Update to version 0.0.11, see http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils /sensible-utils_0.0.11_changelog for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-28T00:00:00", "type": "nessus", "title": "Fedora 26 : sensible-utils (2017-80c6b4d3be)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sensible-utils", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-80C6B4D3BE.NASL", "href": "https://www.tenable.com/plugins/nessus/105475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-80c6b4d3be.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105475);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17512\");\n script_xref(name:\"FEDORA\", value:\"2017-80c6b4d3be\");\n\n script_name(english:\"Fedora 26 : sensible-utils (2017-80c6b4d3be)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 0.0.11, see\nhttp://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils\n/sensible-utils_0.0.11_changelog for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n # http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e16aa490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-80c6b4d3be\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sensible-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sensible-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"sensible-utils-0.0.11-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sensible-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:40", "description": "Update to version 0.0.11, see http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils /sensible-utils_0.0.11_changelog for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : sensible-utils (2017-2fab3f12c4)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sensible-utils", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-2FAB3F12C4.NASL", "href": "https://www.tenable.com/plugins/nessus/105847", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2fab3f12c4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105847);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17512\");\n script_xref(name:\"FEDORA\", value:\"2017-2fab3f12c4\");\n\n script_name(english:\"Fedora 27 : sensible-utils (2017-2fab3f12c4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to version 0.0.11, see\nhttp://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils\n/sensible-utils_0.0.11_changelog for details.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n # http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e16aa490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2fab3f12c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sensible-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sensible-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"sensible-utils-0.0.11-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sensible-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:42:01", "description": "It was discovered that there was a vulnerability in sensible-browser, a utility to start the most suitable web browser based on your environment or configuration.\n\nRemote attackers could conduct argument-injection attacks via specially- crafted URIs.\n\nFor Debian 7 'Wheezy', this issue has been fixed in sensible-utils version 0.0.7+deb7u1.\n\nWe recommend that you upgrade your sensible-utils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "Debian DLA-1209-1 : sensible-utils security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:sensible-utils", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1209.NASL", "href": "https://www.tenable.com/plugins/nessus/105327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1209-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105327);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17512\");\n\n script_name(english:\"Debian DLA-1209-1 : sensible-utils security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a vulnerability in sensible-browser,\na utility to start the most suitable web browser based on your\nenvironment or configuration.\n\nRemote attackers could conduct argument-injection attacks via\nspecially- crafted URIs.\n\nFor Debian 7 'Wheezy', this issue has been fixed in sensible-utils\nversion 0.0.7+deb7u1.\n\nWe recommend that you upgrade your sensible-utils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/12/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/sensible-utils\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected sensible-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sensible-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"sensible-utils\", reference:\"0.0.7+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:32:28", "description": "Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-02-27T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : sensible-utils vulnerability (USN-3584-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:sensible-utils", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3584-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107023", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3584-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107023);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-17512\");\n script_xref(name:\"USN\", value:\"3584-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : sensible-utils vulnerability (USN-3584-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Gabriel Corona discovered that sensible-utils incorrectly validated\nstrings when launcher a browser with the sensible-browser tool. A\nremote attacker could possibly use this issue with a specially crafted\nURL to conduct an argument injection attack and execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3584-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected sensible-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sensible-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sensible-utils\", pkgver:\"0.0.9ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"sensible-utils\", pkgver:\"0.0.9ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"sensible-utils\", pkgver:\"0.0.10ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sensible-utils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T15:20:39", "description": "Adam Collard discovered that Bazaar, an easy to use distributed version control system, did not correctly handle maliciously constructed bzr+ssh URLs, allowing a remote attacker to run an arbitrary shell command.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Debian DSA-4052-1 : bzr - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14176"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bzr", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4052.NASL", "href": "https://www.tenable.com/plugins/nessus/104862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4052. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104862);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14176\");\n script_xref(name:\"DSA\", value:\"4052\");\n\n script_name(english:\"Debian DSA-4052-1 : bzr - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adam Collard discovered that Bazaar, an easy to use distributed\nversion control system, did not correctly handle maliciously\nconstructed bzr+ssh URLs, allowing a remote attacker to run an\narbitrary shell command.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/bzr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bzr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/bzr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4052\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bzr packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.6.0+bzr6595-6+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.7.0+bzr6619-7+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bzr\", reference:\"2.6.0+bzr6595-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bzr-doc\", reference:\"2.6.0+bzr6595-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-bzrlib\", reference:\"2.6.0+bzr6595-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-bzrlib-dbg\", reference:\"2.6.0+bzr6595-6+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-bzrlib.tests\", reference:\"2.6.0+bzr6595-6+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bzr\", reference:\"2.7.0+bzr6619-7+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bzr-doc\", reference:\"2.7.0+bzr6619-7+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-bzrlib\", reference:\"2.7.0+bzr6619-7+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-bzrlib-dbg\", reference:\"2.7.0+bzr6619-7+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-bzrlib.tests\", reference:\"2.7.0+bzr6619-7+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-28T14:18:39", "description": "An update of the glibc package has been released.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Glibc PHSA-2018-2.0-0009", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17426"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:glibc", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0009_GLIBC.NASL", "href": "https://www.tenable.com/plugins/nessus/121902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0009. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121902);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2017-17426\");\n\n script_name(english:\"Photon OS 2.0: Glibc PHSA-2018-2.0-0009\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the glibc package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-9.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17426\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-debuginfo-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-devel-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-i18n-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-iconv-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-lang-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-nscd-2.26-7.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"glibc-tools-2.26-7.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glibc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:44", "description": "The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-02-02T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0733", "CVE-2018-0739"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "href": "https://www.tenable.com/plugins/nessus/106563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106563);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\n \"CVE-2017-3737\",\n \"CVE-2017-3738\",\n \"CVE-2018-0733\",\n \"CVE-2018-0739\"\n );\n script_bugtraq_id(102103, 102118);\n\n script_name(english:\"Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of OpenSSL in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Tenable SecurityCenter application on the remote host contains an\nOpenSSL library that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Tenable SecurityCenter application installed on the remote host\nis missing a security patch. It is, therefore, affected by multiple\nvulnerabilities in the bundled version of OpenSSL.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2018-04\");\n # https://docs.tenable.com/releasenotes/securitycenter/securitycenter79.htm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?706680e4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20171207.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.6.1 or later.\nAlternatively, apply SecurityCenter Patch SC-201801.1.5.x.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0733\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/SecurityCenter/support/openssl/version\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\ninclude(\"install_func.inc\");\n\napp = \"OpenSSL (within SecurityCenter)\";\nfix = \"1.0.2n\";\n\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (empty_or_null(sc_ver)) audit(AUDIT_NOT_INST, \"SecurityCenter\");\n\nversion = get_kb_item(\"Host/SecurityCenter/support/openssl/version\");\nif (empty_or_null(version)) audit(AUDIT_UNKNOWN_APP_VER, app);\n\nif (\n openssl_ver_cmp(ver:version, fix:\"1.0.2\", same_branch:TRUE, is_min_check:FALSE) >= 0 &&\n openssl_ver_cmp(ver:version, fix:fix, same_branch:TRUE, is_min_check:FALSE) < 0\n)\n{\n report =\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter OpenSSL version : ' + version +\n '\\n Fixed OpenSSL version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:39:33", "description": "New libXcursor packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libXcursor (SSA:2017-333-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libXcursor", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-333-01.NASL", "href": "https://www.tenable.com/plugins/nessus/104858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-333-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104858);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"SSA\", value:\"2017-333-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libXcursor (SSA:2017-333-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libXcursor packages are available for Slackware 13.0, 13.1,\n13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.618566\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8053c315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXcursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libXcursor\", pkgver:\"1.1.15\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:40:00", "description": "This update for libXcursor fixes the following issues :\n\n - CVE-2017-16612: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. (boo#1065386)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-02-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libXcursor (openSUSE-2018-196)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libXcursor-debugsource", "p-cpe:/a:novell:opensuse:libXcursor-devel", "p-cpe:/a:novell:opensuse:libXcursor-devel-32bit", "p-cpe:/a:novell:opensuse:libXcursor1", "p-cpe:/a:novell:opensuse:libXcursor1-32bit", "p-cpe:/a:novell:opensuse:libXcursor1-debuginfo", "p-cpe:/a:novell:opensuse:libXcursor1-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-196.NASL", "href": "https://www.tenable.com/plugins/nessus/106924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-196.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106924);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-16612\");\n\n script_name(english:\"openSUSE Security Update : libXcursor (openSUSE-2018-196)\");\n script_summary(english:\"Check for the openSUSE-2018-196 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libXcursor fixes the following issues :\n\n - CVE-2017-16612: It is possible to trigger heap overflows\n due to an integer overflow while parsing images and a\n signedness issue while parsing comments. (boo#1065386)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065386\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXcursor packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXcursor1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libXcursor-debugsource-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libXcursor-devel-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libXcursor1-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libXcursor1-debuginfo-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libXcursor-devel-32bit-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libXcursor1-32bit-1.1.14-10.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libXcursor1-debuginfo-32bit-1.1.14-10.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor-debugsource / libXcursor-devel / libXcursor-devel-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:43:55", "description": "libXcursor 1.1.15\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-07T00:00:00", "type": "nessus", "title": "Fedora 27 : libXcursor (2018-1c5dada34b)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libXcursor", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-1C5DADA34B.NASL", "href": "https://www.tenable.com/plugins/nessus/107157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-1c5dada34b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107157);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"FEDORA\", value:\"2018-1c5dada34b\");\n\n script_name(english:\"Fedora 27 : libXcursor (2018-1c5dada34b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libXcursor 1.1.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c5dada34b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXcursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libXcursor-1.1.15-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:37:17", "description": "According to the version of the libXcursor packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : libXcursor (EulerOS-SA-2018-1003)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libXcursor", "p-cpe:/a:huawei:euleros:libXcursor-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1003.NASL", "href": "https://www.tenable.com/plugins/nessus/106144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106144);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16612\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : libXcursor (EulerOS-SA-2018-1003)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libXcursor packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - libXcursor before 1.1.15 has various integer overflows\n that could lead to heap buffer overflows when\n processing malicious cursors, e.g., with programs like\n GIMP.(CVE-2017-16612)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a5e223d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libXcursor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXcursor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libXcursor-1.1.14-2.1.h1\",\n \"libXcursor-devel-1.1.14-2.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:36:27", "description": "The remote host is affected by the vulnerability described in GLSA-201801-04 (LibXcursor: User-assisted execution of arbitrary code)\n\n It was discovered that libXcursor is prone to several heap overflows when parsing malicious files.\n Impact :\n\n A remote attacker, by enticing a user to process a specially crafted cursor file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "GLSA-201801-04 : LibXcursor: User-assisted execution of arbitrary code", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libXcursor", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201801-04.NASL", "href": "https://www.tenable.com/plugins/nessus/105630", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201801-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105630);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:15:58 $\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"GLSA\", value:\"201801-04\");\n\n script_name(english:\"GLSA-201801-04 : LibXcursor: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201801-04\n(LibXcursor: User-assisted execution of arbitrary code)\n\n It was discovered that libXcursor is prone to several heap overflows\n when parsing malicious files.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted\n cursor file, could possibly execute arbitrary code with the privileges of\n the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201801-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All LibXcursor users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-libs/libXcursor-1.1.15'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-libs/libXcursor\", unaffected:make_list(\"ge 1.1.15\"), vulnerable:make_list(\"lt 1.1.15\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"LibXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:37:38", "description": "According to the version of the libXcursor packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libXcursor (EulerOS-SA-2018-1004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libXcursor", "p-cpe:/a:huawei:euleros:libXcursor-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1004.NASL", "href": "https://www.tenable.com/plugins/nessus/106145", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106145);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16612\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libXcursor (EulerOS-SA-2018-1004)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libXcursor packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - libXcursor before 1.1.15 has various integer overflows\n that could lead to heap buffer overflows when\n processing malicious cursors, e.g., with programs like\n GIMP.(CVE-2017-16612)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1004\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd11a7fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libXcursor package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXcursor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libXcursor-1.1.14-2.1.h1\",\n \"libXcursor-devel-1.1.14-2.1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:42:14", "description": "The freedesktop.org project reports :\n\nIt is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments.\n\nThe integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads.\n\nThe signedness bug is triggered by reading the length of a comment as unsigned int, but casting it to int when calling the function XcursorCommentCreate. Turning length into a negative value allows the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following addition of sizeof (XcursorComment) + 1 makes it possible to allocate less memory than needed for subsequent reads.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-18T00:00:00", "type": "nessus", "title": "FreeBSD : libXcursor -- integer overflow that can lead to heap buffer overflow (ddecde18-e33b-11e7-a293-54e1ad3d6335)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libXcursor", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_DDECDE18E33B11E7A29354E1AD3D6335.NASL", "href": "https://www.tenable.com/plugins/nessus/105339", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105339);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-16612\");\n\n script_name(english:\"FreeBSD : libXcursor -- integer overflow that can lead to heap buffer overflow (ddecde18-e33b-11e7-a293-54e1ad3d6335)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The freedesktop.org project reports :\n\nIt is possible to trigger heap overflows due to an integer overflow\nwhile parsing images and a signedness issue while parsing comments.\n\nThe integer overflow occurs because the chosen limit 0x10000 for\ndimensions is too large for 32 bit systems, because each pixel takes 4\nbytes. Properly chosen values allow an overflow which in turn will\nlead to less allocated memory than needed for subsequent reads.\n\nThe signedness bug is triggered by reading the length of a comment as\nunsigned int, but casting it to int when calling the function\nXcursorCommentCreate. Turning length into a negative value allows the\ncheck against XCURSOR_COMMENT_MAX_LEN to pass, and the following\naddition of sizeof (XcursorComment) + 1 makes it possible to allocate\nless memory than needed for subsequent reads.\"\n );\n # http://seclists.org/oss-sec/2017/q4/339\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2017/q4/339\"\n );\n # https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f2255c6\"\n );\n # https://vuxml.freebsd.org/freebsd/ddecde18-e33b-11e7-a293-54e1ad3d6335.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48058243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libXcursor<1.1.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:03", "description": "This update for libXcursor fixes the following issues: Security issue fixed :\n\n - CVE-2017-16612: Fix integeroverflow while parsing images and a signedness issue while parsing comments (bsc#1065386).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-06T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libXcursor (SUSE-SU-2017:3214-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libXcursor-debugsource", "p-cpe:/a:novell:suse_linux:libXcursor1", "p-cpe:/a:novell:suse_linux:libXcursor1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3214-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3214-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105035);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16612\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libXcursor (SUSE-SU-2017:3214-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libXcursor fixes the following issues: Security issue\nfixed :\n\n - CVE-2017-16612: Fix integeroverflow while parsing images\n and a signedness issue while parsing comments\n (bsc#1065386).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16612/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173214-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9a4c5b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-2000=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-2000=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-2000=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-2000=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-2000=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-2000=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-2000=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libXcursor-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libXcursor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libXcursor1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libXcursor-debugsource-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libXcursor1-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libXcursor1-debuginfo-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libXcursor1-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libXcursor1-debuginfo-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libXcursor-debugsource-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libXcursor1-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libXcursor1-debuginfo-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libXcursor1-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libXcursor1-debuginfo-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libXcursor-debugsource-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libXcursor1-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libXcursor1-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libXcursor1-debuginfo-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libXcursor1-debuginfo-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libXcursor-debugsource-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libXcursor1-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libXcursor1-32bit-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libXcursor1-debuginfo-1.1.14-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libXcursor1-debuginfo-32bit-1.1.14-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:21", "description": "It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:1.1.13-1+deb7u2.\n\nWe recommend that you upgrade your libxcursor packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-11T00:00:00", "type": "nessus", "title": "Debian DLA-1201-1 : libxcursor security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxcursor-dev", "p-cpe:/a:debian:debian_linux:libxcursor1", "p-cpe:/a:debian:debian_linux:libxcursor1-dbg", "p-cpe:/a:debian:debian_linux:libxcursor1-udeb", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/105117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1201-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105117);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-16612\");\n\n script_name(english:\"Debian DLA-1201-1 : libxcursor security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code\nexecution, if a user is tricked into processing a specially crafted\ncursor file.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:1.1.13-1+deb7u2.\n\nWe recommend that you upgrade your libxcursor packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxcursor\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxcursor-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxcursor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxcursor1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxcursor1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxcursor-dev\", reference:\"1:1.1.13-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxcursor1\", reference:\"1:1.1.13-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxcursor1-dbg\", reference:\"1:1.1.13-1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxcursor1-udeb\", reference:\"1:1.1.13-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-14T14:49:41", "description": "It was discovered that libxcursor incorrectly handled certain files.\nAn attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxcursor vulnerability (USN-3501-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxcursor1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3501-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104884", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3501-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104884);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"USN\", value:\"3501-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxcursor vulnerability (USN-3501-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that libxcursor incorrectly handled certain files.\nAn attacker could use these issues to cause libxcursor to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3501-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxcursor1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxcursor1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxcursor1\", pkgver:\"1:1.1.14-1ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxcursor1\", pkgver:\"1:1.1.14-1ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libxcursor1\", pkgver:\"1:1.1.14-1ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libxcursor1\", pkgver:\"1:1.1.14-3ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxcursor1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-13T14:35:54", "description": "It was discovered that the Wayland Xcursor support incorrectly handled certain files. An attacker could use these issues to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : wayland vulnerability (USN-3622-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwayland-bin", "p-cpe:/a:canonical:ubuntu_linux:libwayland-client0", "p-cpe:/a:canonical:ubuntu_linux:libwayland-cursor0", "p-cpe:/a:canonical:ubuntu_linux:libwayland-dev", "p-cpe:/a:canonical:ubuntu_linux:libwayland-doc", "p-cpe:/a:canonical:ubuntu_linux:libwayland-server0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3622-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3622-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108950);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"USN\", value:\"3622-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : wayland vulnerability (USN-3622-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Wayland Xcursor support incorrectly handled\ncertain files. An attacker could use these issues to cause Wayland to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3622-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-client0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-cursor0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwayland-server0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwayland-cursor0\", pkgver:\"1.4.0-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-bin\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-client0\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-cursor0\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-dev\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-doc\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwayland-server0\", pkgver:\"1.12.0-1~ubuntu16.04.3\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwayland-cursor0\", pkgver:\"1.14.0-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwayland-bin / libwayland-client0 / libwayland-cursor0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:40:45", "description": "libXcursor 1.1.15\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-07T00:00:00", "type": "nessus", "title": "Fedora 26 : libXcursor (2018-0eed1be1c0)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libXcursor", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-0EED1BE1C0.NASL", "href": "https://www.tenable.com/plugins/nessus/107156", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0eed1be1c0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107156);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"FEDORA\", value:\"2018-0eed1be1c0\");\n\n script_name(english:\"Fedora 26 : libXcursor (2018-0eed1be1c0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libXcursor 1.1.15\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0eed1be1c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXcursor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libXcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libXcursor-1.1.15-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXcursor\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:42:05", "description": "It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-11T00:00:00", "type": "nessus", "title": "Debian DSA-4059-1 : libxcursor - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxcursor", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4059.NASL", "href": "https://www.tenable.com/plugins/nessus/105120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4059. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105120);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-16612\");\n script_xref(name:\"DSA\", value:\"4059\");\n\n script_name(english:\"Debian DSA-4059-1 : libxcursor - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code\nexecution, if a user is tricked into processing a specially crafted\ncursor file.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libxcursor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxcursor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libxcursor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-4059\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxcursor packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 1:1.1.14-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:1.1.14-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxcursor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxcursor-dev\", reference:\"1:1.1.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxcursor1\", reference:\"1:1.1.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxcursor1-dbg\", reference:\"1:1.1.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxcursor1-udeb\", reference:\"1:1.1.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxcursor-dev\", reference:\"1:1.1.14-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxcursor1\", reference:\"1:1.1.14-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxcursor1-dbg\", reference:\"1:1.1.14-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxcursor1-udeb\", reference:\"1:1.1.14-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-21T14:47:26", "description": "Antti Levomaki, Christian Jalio, Joonas Pihlaja :\n\nWget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "FreeBSD : wget -- Stack overflow in HTTP protocol handling (09849e71-bb12-11e7-8357-3065ec6f3643)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:wget", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_09849E71BB1211E783573065EC6F3643.NASL", "href": "https://www.tenable.com/plugins/nessus/104226", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104226);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-13089\");\n\n script_name(english:\"FreeBSD : wget -- Stack overflow in HTTP protocol handling (09849e71-bb12-11e7-8357-3065ec6f3643)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Antti Levomaki, Christian Jalio, Joonas Pihlaja :\n\nWget contains two vulnerabilities, a stack overflow and a heap\noverflow, in the handling of HTTP chunked encoding. By convincing a\nuser to download a specific link over HTTP, an attacker may be able to\nexecute arbitrary code with the privileges of the user.\"\n );\n # http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?120dda3f\"\n );\n # https://vuxml.freebsd.org/freebsd/09849e71-bb12-11e7-8357-3065ec6f3643.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ed97a97\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:wget\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"wget<1.19.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:28", "description": "An update of the systemd package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Systemd PHSA-2017-0045", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:systemd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2017-0045_SYSTEMD.NASL", "href": "https://www.tenable.com/plugins/nessus/121764", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0045. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121764);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-15908\");\n\n script_name(english:\"Photon OS 2.0: Systemd PHSA-2017-0045\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the systemd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-2.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15908\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-233-11.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-debuginfo-233-11.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-devel-233-11.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"systemd-lang-233-11.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-13T14:46:00", "description": "Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 / 17.10 : systemd vulnerability (USN-3466-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:systemd", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3466-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104213", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3466-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104213);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-15908\");\n script_xref(name:\"USN\", value:\"3466-1\");\n\n script_name(english:\"Ubuntu 17.04 / 17.10 : systemd vulnerability (USN-3466-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Karim Hossen & Thomas Imbert discovered that systemd-resolved\nincorrectly handled certain DNS responses. A remote attacker could\npossibly use this issue to cause systemd to temporarily stop\nresponding, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3466-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected systemd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"systemd\", pkgver:\"232-21ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"systemd\", pkgver:\"234-2ubuntu12.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"systemd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:52:56", "description": "According to the version of the libtasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2019-1311)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/124438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124438);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-6891\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2019-1311)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?241175f7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-4.10-1.h2\",\n \"libtasn1-devel-4.10-1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:57", "description": "According to the version of the libtasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libtasn1 (EulerOS-SA-2019-1312)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1312.NASL", "href": "https://www.tenable.com/plugins/nessus/124439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124439);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-6891\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libtasn1 (EulerOS-SA-2019-1312)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1312\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f85b90c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-4.10-1.h2\",\n \"libtasn1-devel-4.10-1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:40", "description": "According to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : libtasn1 (EulerOS-SA-2018-1335)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1335.NASL", "href": "https://www.tenable.com/plugins/nessus/118423", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118423);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\"CVE-2017-6891\");\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : libtasn1 (EulerOS-SA-2018-1335)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1335\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b7169a3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6891\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-3.8-2.h2\",\n \"libtasn1-devel-3.8-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:25", "description": "According to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-10-26T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : libtasn1 (EulerOS-SA-2018-1334)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1334.NASL", "href": "https://www.tenable.com/plugins/nessus/118422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118422);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\"CVE-2017-6891\");\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : libtasn1 (EulerOS-SA-2018-1334)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1334\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b90df9ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6891\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-3.8-2.h2\",\n \"libtasn1-devel-3.8-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:32", "description": "Noteworthy changes in release 4.11 (released 2017-05-27) [stable]\n\n - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields.\n\n - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME.\n This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields.\n\n - Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names. Reported by Jakub Jirasek.\n\nNoteworthy changes in release 4.10 (released 2017-01-16) [stable]\n\n - Updated gnulib\n\n - Removed -Werror from default compiler flags\n\n - Fixed undefined behavior when negating integers in\n _asn1_ltostr(). Issue found by oss-fuzz project (via gnutls):\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38 8\n\n - Pass the correct length to\n _asn1_get_indefinite_length_string in asn1_get_length_ber. This addresses reading 1-byte past the end of data. Issue found by oss-fuzz project (via gnutls):\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33 0 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33 1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libtasn1", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-D5CF1A55CE.NASL", "href": "https://www.tenable.com/plugins/nessus/101725", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-d5cf1a55ce.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101725);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6891\");\n script_xref(name:\"FEDORA\", value:\"2017-d5cf1a55ce\");\n\n script_name(english:\"Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Noteworthy changes in release 4.11 (released 2017-05-27) [stable]\n\n - Introduced the ASN1_TIME_ENCODING_ERROR error code to\n indicate an invalid encoding in the DER time fields.\n\n - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME.\n This flag allows decoding errors in time fields even\n when in strict DER mode. That is introduced in order to\n allow toleration of invalid times in X.509 certificates\n (which are common) even though strict DER adherence is\n enforced in other fields.\n\n - Added safety check in asn1_find_node(). That prevents a\n crash when a very long variable name is provided by the\n developer. Note that this to be exploited requires\n controlling the ASN.1 definitions used by the developer,\n i.e., the 'name' parameter of asn1_write_value() or\n asn1_read_value(). The library is not designed to\n protect against malicious manipulation of the developer\n assigned variable names. Reported by Jakub Jirasek.\n\nNoteworthy changes in release 4.10 (released 2017-01-16) [stable]\n\n - Updated gnulib\n\n - Removed -Werror from default compiler flags\n\n - Fixed undefined behavior when negating integers in\n _asn1_ltostr(). Issue found by oss-fuzz project (via\n gnutls):\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38\n 8\n\n - Pass the correct length to\n _asn1_get_indefinite_length_string in\n asn1_get_length_ber. This addresses reading 1-byte past\n the end of data. Issue found by oss-fuzz project (via\n gnutls):\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33\n 0\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33\n 1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5cf1a55ce\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=331\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mingw-libtasn1-4.12-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:31:58", "description": "Update to 4.12 (#1456190)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : libtasn1 (2017-5115baf0e6)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libtasn1", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-5115BAF0E6.NASL", "href": "https://www.tenable.com/plugins/nessus/101634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5115baf0e6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101634);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-6891\");\n script_xref(name:\"FEDORA\", value:\"2017-5115baf0e6\");\n\n script_name(english:\"Fedora 26 : libtasn1 (2017-5115baf0e6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 4.12 (#1456190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5115baf0e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtasn1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libtasn1-4.12-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:17", "description": "According to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : libtasn1 (EulerOS-SA-2019-1162)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1162.NASL", "href": "https://www.tenable.com/plugins/nessus/123848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123848);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-6891\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : libtasn1 (EulerOS-SA-2019-1162)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.i1/4^CVE-2017-6891i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1162\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e193a085\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-4.10-1.h1\",\n \"libtasn1-devel-4.10-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:22", "description": "According to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.2 : libtasn1 (EulerOS-SA-2019-1082)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtasn1", "p-cpe:/a:huawei:euleros:libtasn1-devel", "cpe:/o:huawei:euleros:uvp:2.5.2"], "id": "EULEROS_SA-2019-1082.NASL", "href": "https://www.tenable.com/plugins/nessus/122704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122704);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-6891\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.2 : libtasn1 (EulerOS-SA-2019-1082)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libtasn1 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Two errors in the 'asn1_find_node()' function\n (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10\n can be exploited to cause a stacked-based buffer\n overflow by tricking a user into processing a specially\n crafted assignments file via the e.g. asn1Coding\n utility.(CVE-2017-6891)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a8ee550\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtasn1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtasn1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtasn1-4.10-1.h1\",\n \"libtasn1-devel-4.10-1.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtasn1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:31", "description": "Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-25T00:00:00", "type": "nessus", "title": "Debian DSA-3861-1 : libtasn1-6 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtasn1-6", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3861.NASL", "href": "https://www.tenable.com/plugins/nessus/100392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3861. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100392);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-6891\");\n script_xref(name:\"DSA\", value:\"3861\");\n\n script_name(english:\"Debian DSA-3861-1 : libtasn1-6 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jakub Jirasek of Secunia Research discovered that libtasn1, a library\nused to handle Abstract Syntax Notation One structures, did not\nproperly validate its input. This would allow an attacker to cause a\ncrash by denial-of-service, or potentially execute arbitrary code, by\ntricking a user into processing a maliciously crafted assignments\nfile.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libtasn1-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3861\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libtasn1-6 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-3-bin\", reference:\"4.2-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-6\", reference:\"4.2-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-6-dbg\", reference:\"4.2-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-6-dev\", reference:\"4.2-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-bin\", reference:\"4.2-3+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtasn1-doc\", reference:\"4.2-3+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:31", "description": "Secunia Research has discovered multiple vulnerabilities in GnuTLS libtasn1, which can be exploited by malicious people to compromise a vulnerable system.\n\nTwo errors in the 'asn1_find_node()' function (lib/parser_aux.c) can be exploited to cause a stacked-based buffer overflow.\n\nSuccessful exploitation of the vulnerabilities allows execution of arbitrary code but requires tricking a user into processing a specially crafted assignments file by e.g. asn1Coding utility.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version 2.13-2+deb7u4.\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-24T00:00:00", "type": "nessus", "title": "Debian DLA-950-1 : libtasn1-3 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libtasn1-3", "p-cpe:/a:debian:debian_linux:libtasn1-3-bin", "p-cpe:/a:debian:debian_linux:libtasn1-3-dbg", "p-cpe:/a:debian:debian_linux:libtasn1-3-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-950.NASL", "href": "https://www.tenable.com/plugins/nessus/100360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-950-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100360);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-6891\");\n\n script_name(english:\"Debian DLA-950-1 : libtasn1-3 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia Research has discovered multiple vulnerabilities in GnuTLS\nlibtasn1, which can be exploited by malicious people to compromise a\nvulnerable system.\n\nTwo errors in the 'asn1_find_node()' function (lib/parser_aux.c) can\nbe exploited to cause a stacked-based buffer overflow.\n\nSuccessful exploitation of the vulnerabilities allows execution of\narbitrary code but requires tricking a user into processing a\nspecially crafted assignments file by e.g. asn1Coding utility.\n\nFor Debian 7 'Wheezy', this problem has been fixed in version\n2.13-2+deb7u4.\n\nWe recommend that you upgrade your libtasn1-3 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libtasn1-3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtasn1-3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libtasn1-3\", reference:\"2.13-2+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtasn1-3-bin\", reference:\"2.13-2+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtasn1-3-dbg\", reference:\"2.13-2+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtasn1-3-dev\", reference:\"2.13-2+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:57:55", "description": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers\nto execute arbitrary commands via a bzr+ssh URL with an initial dash\ncharacter in the hostname, a related issue to CVE-2017-9800,\nCVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and\nCVE-2017-1000117.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bzr/+bug/1710979>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-05T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14176", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2017-09-05T00:00:00", "id": "UB:CVE-2017-14176", "href": "https://ubuntu.com/security/CVE-2017-14176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:17:31", "description": "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used,\nallows user-assisted remote attackers to execute arbitrary commands via an\nssh URL with an initial dash character in the hostname, a related issue to\nCVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,\nCVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-07T00:00:00", "type": "ubuntucve", "title": "CVE-2017-17459", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-17459", "CVE-2017-9800"], "modified": "2017-12-07T00:00:00", "id": "UB:CVE-2017-17459", "href": "https://ubuntu.com/security/CVE-2017-17459", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:23:35", "description": "git-annex before 6.20170818 allows remote attackers to execute arbitrary\ncommands via an ssh URL with an initial dash character in the hostname, as\ndemonstrated by an ssh://-eProxyCommand= URL, a related issue to\nCVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | security-fake-sync fails with \"Original tarballs differ. Aborting\"\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12976", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800"], "modified": "2017-08-20T00:00:00", "id": "UB:CVE-2017-12976", "href": "https://ubuntu.com/security/CVE-2017-12976", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:09", "description": "Dulwich before 0.18.5, when an SSH subprocess is used, allows remote\nattackers to execute arbitrary commands via an ssh URL with an initial dash\ncharacter in the hostname, a related issue to CVE-2017-9800,\nCVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-29T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16228", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2017-10-29T00:00:00", "id": "UB:CVE-2017-16228", "href": "https://ubuntu.com/security/CVE-2017-16228", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:48:33", "description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies\nbecause dns_parse_callback in network/lookup_name.c does not restrict the\nnumber of addresses, and thus an attacker can provide an unexpected number\nby sending A records in a reply to an AAAA query.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2017-15650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15650"], "modified": "2017-10-19T00:00:00", "id": "UB:CVE-2017-15650", "href": "https://ubuntu.com/security/CVE-2017-15650", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:54:15", "description": "sensible-browser in sensible-utils before 0.0.11 does not validate strings\nbefore launching the program specified by the BROWSER environment variable,\nwhich allows remote attackers to conduct argument-injection attacks via a\ncrafted URL, as demonstrated by a --proxy-pac-file argument.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881767>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-11T00:00:00", "type": "ubuntucve", "title": "CVE-2017-17512", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2017-12-11T00:00:00", "id": "UB:CVE-2017-17512", "href": "https://ubuntu.com/security/CVE-2017-17512", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:54:24", "description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could\nreturn a memory block that is too small if an attempt is made to allocate\nan object whose size is close to SIZE_MAX, potentially leading to a\nsubsequent heap overflow. This occurs because the per-thread cache (aka\ntcache) feature enables a code path that lacks an integer overflow check.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-05T00:00:00", "type": "ubuntucve", "title": "CVE-2017-17426", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17426"], "modified": "2017-12-05T00:00:00", "id": "UB:CVE-2017-17426", "href": "https://ubuntu.com/security/CVE-2017-17426", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:55:19", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not\nproperly validate the colormap index in a WPG palette, which allows remote\nattackers to cause a denial of service (use of uninitialized data or\ninvalid memory allocation) or possibly have unspecified other impact via a\nmalformed WPG file.\n\n#### Bugs\n\n * <https://github.com/ImageMagick/ImageMagick/issues/851>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881392>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 0263-CVE-2017-16546.patch in jessie 0109-CVE-2017-16546.patch in stretch\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2017-11-05T00:00:00", "id": "UB:CVE-2017-16546", "href": "https://ubuntu.com/security/CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:54:33", "description": "libXcursor before 1.1.15 has various integer overflows that could lead to\nheap buffer overflows when processing malicious cursors, e.g., with\nprograms like GIMP. It is also possible that an attack vector exists\nagainst the related code in cursor/xcursor.c in Wayland through 1.14.0.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889681>\n * <https://bugs.freedesktop.org/show_bug.cgi?id=103961>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-28T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16612", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-11-28T00:00:00", "id": "UB:CVE-2017-16612", "href": "https://ubuntu.com/security/CVE-2017-16612", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:57:12", "description": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5\nbefore 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to\ndisclose sensitive information or cause a denial of service (application\ncrash) via a crafted regular expression with an invalid '\\N{U+...}' escape.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-09-19T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12883", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12883"], "modified": "2017-09-19T00:00:00", "id": "UB:CVE-2017-12883", "href": "https://ubuntu.com/security/CVE-2017-12883", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-04T13:54:43", "description": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,\nthe tab autocomplete feature of the shell, used to get a list of filenames\nin a directory, does not sanitize filenames and results in executing any\nescape sequence in the terminal. This could potentially result in code\nexecution, arbitrary file writes, or other attacks.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-16544", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2017-11-20T00:00:00", "id": "UB:CVE-2017-16544", "href": "https://ubuntu.com/security/CVE-2017-16544", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:55:45", "description": "The http.c:skip_short_body() function is called in some circumstances, such\nas when processing redirects. When the response is sent chunked in wget\nbefore 1.19.2, the chunk parser uses strtol() to read each chunk's length,\nbut doesn't check that the chunk length is a non-negative number. The code\nthen tries to skip the chunk in pieces of 512 bytes by using the MIN()\nmacro, but ends up passing the negative chunk length to\nconnect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits\nof the chunk length are discarded, leaving fd_read() with a completely\nattacker controlled length argument.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-13089", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2017-10-26T00:00:00", "id": "UB:CVE-2017-13089", "href": "https://ubuntu.com/security/CVE-2017-13089", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:55:44", "description": "In systemd 223 through 235, a remote DNS server can respond with a custom\ncrafted DNS NSEC resource record to trigger an infinite loop in the\ndns_packet_read_type_window() function of the 'systemd-resolved' service\nand cause a DoS of the affected service.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | resolve only used by default on zesty+ independently discovered by Nelson William Gamazo Sanchez, working with Trend Micro's Zero Day Initiative\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-15908", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2017-10-26T00:00:00", "id": "UB:CVE-2017-15908", "href": "https://ubuntu.com/security/CVE-2017-15908", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-01-27T14:16:58", "description": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-27T10:29:00", "type": "debiancve", "title": "CVE-2017-14176", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2017-11-27T10:29:00", "id": "DEBIANCVE:CVE-2017-14176", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-19T06:03:58", "description": "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-07T18:29:00", "type": "debiancve", "title": "CVE-2017-17459", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-17459", "CVE-2017-9800"], "modified": "2017-12-07T18:29:00", "id": "DEBIANCVE:CVE-2017-17459", "href": "https://security-tracker.debian.org/tracker/CVE-2017-17459", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-24T06:04:53", "description": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-20T20:29:00", "type": "debiancve", "title": "CVE-2017-12976", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800"], "modified": "2017-08-20T20:29:00", "id": "DEBIANCVE:CVE-2017-12976", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12976", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T06:04:30", "description": "Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-29T20:29:00", "type": "debiancve", "title": "CVE-2017-16228", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2017-10-29T20:29:00", "id": "DEBIANCVE:CVE-2017-16228", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16228", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:02", "description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-19T23:29:00", "type": "debiancve", "title": "CVE-2017-15650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15650"], "modified": "2017-10-19T23:29:00", "id": "DEBIANCVE:CVE-2017-15650", "href": "https://security-tracker.debian.org/tracker/CVE-2017-15650", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T03:15:16", "description": "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-11T06:29:00", "type": "debiancve", "title": "CVE-2017-17512", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2017-12-11T06:29:00", "id": "DEBIANCVE:CVE-2017-17512", "href": "https://security-tracker.debian.org/tracker/CVE-2017-17512", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-15T06:06:28", "description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-05T17:29:00", "type": "debiancve", "title": "CVE-2017-17426", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17426"], "modified": "2017-12-05T17:29:00", "id": "DEBIANCVE:CVE-2017-17426", "href": "https://security-tracker.debian.org/tracker/CVE-2017-17426", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T22:08:18", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "debiancve", "title": "CVE-2017-16546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2017-11-05T22:29:00", "id": "DEBIANCVE:CVE-2017-16546", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-14T06:08:02", "description": "libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-01T17:29:00", "type": "debiancve", "title": "CVE-2017-16612", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-12-01T17:29:00", "id": "DEBIANCVE:CVE-2017-16612", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16612", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-15T22:09:23", "description": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-09-19T18:29:00", "type": "debiancve", "title": "CVE-2017-12883", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12883"], "modified": "2017-09-19T18:29:00", "id": "DEBIANCVE:CVE-2017-12883", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12883", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-11-11T06:02:05", "description": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-20T15:29:00", "type": "debiancve", "title": "CVE-2017-16544", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2017-11-20T15:29:00", "id": "DEBIANCVE:CVE-2017-16544", "href": "https://security-tracker.debian.org/tracker/CVE-2017-16544", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:02:58", "description": "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T19:29:00", "type": "debiancve", "title": "CVE-2017-13089", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2017-10-27T19:29:00", "id": "DEBIANCVE:CVE-2017-13089", "href": "https://security-tracker.debian.org/tracker/CVE-2017-13089", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-30T14:51:32", "description": "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-26T14:29:00", "type": "debiancve", "title": "CVE-2017-15908", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2017-10-26T14:29:00", "id": "DEBIANCVE:CVE-2017-15908", "href": "https://security-tracker.debian.org/tracker/CVE-2017-15908", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-17T15:18:11", "description": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T19:29:00", "type": "debiancve", "title": "CVE-2017-6891", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2017-05-22T19:29:00", "id": "DEBIANCVE:CVE-2017-6891", "href": "https://security-tracker.debian.org/tracker/CVE-2017-6891", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:48:08", "description": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-12T07:48:25", "type": "redhatcve", "title": "CVE-2017-14176", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2019-10-12T00:52:08", "id": "RH:CVE-2017-14176", "href": "https://access.redhat.com/security/cve/cve-2017-14176", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T11:11:39", "description": "Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-03T14:19:26", "type": "redhatcve", "title": "CVE-2017-16228", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2022-07-07T09:12:34", "id": "RH:CVE-2017-16228", "href": "https://access.redhat.com/security/cve/cve-2017-16228", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T11:11:38", "description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-11T16:50:11", "type": "redhatcve", "title": "CVE-2017-17426", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17426"], "modified": "2022-07-07T09:15:45", "id": "RH:CVE-2017-17426", "href": "https://access.redhat.com/security/cve/cve-2017-17426", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T11:11:36", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-16T10:49:34", "type": "redhatcve", "title": "CVE-2017-16546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2022-07-07T09:13:25", "id": "RH:CVE-2017-16546", "href": "https://access.redhat.com/security/cve/cve-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T11:11:31", "description": "libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-29T03:19:50", "type": "redhatcve", "title": "CVE-2017-16612", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2022-07-07T09:13:35", "id": "RH:CVE-2017-16612", "href": "https://access.redhat.com/security/cve/cve-2017-16612", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:47:53", "description": "A heap buffer overread was found in perl's grok_bslash_N() function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for sensible information in the error message, or crash perl.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-09-15T13:18:30", "type": "redhatcve", "title": "CVE-2017-12883", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12883"], "modified": "2020-04-08T19:11:08", "id": "RH:CVE-2017-12883", "href": "https://access.redhat.com/security/cve/cve-2017-12883", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-07T11:11:36", "description": "It was found that the tab auto-completion feature of BusyBox did not sanitize filenames, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by an attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-21T09:50:16", "type": "redhatcve", "title": "CVE-2017-16544", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2022-07-07T09:13:25", "id": "RH:CVE-2017-16544", "href": "https://access.redhat.com/security/cve/cve-2017-16544", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T11:11:39", "description": "A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-26T16:19:23", "type": "redhatcve", "title": "CVE-2017-13089", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2022-07-07T09:00:53", "id": "RH:CVE-2017-13089", "href": "https://access.redhat.com/security/cve/cve-2017-13089", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-08T05:21:19", "description": "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-30T13:49:27", "type": "redhatcve", "title": "CVE-2017-15908", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2022-06-08T03:54:36", "id": "RH:CVE-2017-15908", "href": "https://access.redhat.com/security/cve/cve-2017-15908", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:32:20", "description": "Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-27T10:29:00", "type": "cve", "title": "CVE-2017-14176", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:canonical:bazaar:2.7.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-14176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:canonical:bazaar:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:02:41", "description": "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-07T18:29:00", "type": "cve", "title": "CVE-2017-17459", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-14176", "CVE-2017-16228", "CVE-2017-17459", "CVE-2017-9800"], "modified": "2019-10-03T00:03:00", "cpe": [], "id": "CVE-2017-17459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17459", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T13:07:08", "description": "git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-08-20T20:29:00", "type": "cve", "title": "CVE-2017-12976", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800"], "modified": "2018-09-06T10:29:00", "cpe": ["cpe:/a:git-annex_project:git-annex:6.20170520"], "id": "CVE-2017-12976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12976", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:git-annex_project:git-annex:6.20170520:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:29", "description": "Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-29T20:29:00", "type": "cve", "title": "CVE-2017-16228", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-16228", "CVE-2017-9800"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:dulwich_project:dulwich:0.18.4"], "id": "CVE-2017-16228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16228", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:dulwich_project:dulwich:0.18.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:17:53", "description": "musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-19T23:29:00", "type": "cve", "title": "CVE-2017-15650", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15650"], "modified": "2017-11-08T16:21:00", "cpe": ["cpe:/a:musl-libc:musl:1.1.6"], "id": "CVE-2017-15650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15650", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:musl-libc:musl:1.1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:03:04", "description": "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-11T06:29:00", "type": "cve", "title": "CVE-2017-17512", "cwe": ["CWE-74"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2018-03-16T01:29:00", "cpe": [], "id": "CVE-2017-17512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17512", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:02:30", "description": "The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-05T17:29:00", "type": "cve", "title": "CVE-2017-17426", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17426"], "modified": "2017-12-15T15:06:00", "cpe": ["cpe:/a:gnu:glibc:2.26"], "id": "CVE-2017-17426", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17426", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:44:58", "description": "The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-05T22:29:00", "type": "cve", "title": "CVE-2017-16546", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16546"], "modified": "2020-10-22T19:20:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:imagemagick:imagemagick:7.0.7-9", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-16546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:imagemagick:imagemagick:7.0.7-9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:05:05", "description": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-09-19T18:29:00", "type": "cve", "title": "CVE-2017-12883", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12883"], "modified": "2020-07-15T03:15:00", "cpe": ["cpe:/a:perl:perl:5.24.2", "cpe:/a:perl:perl:5.26.0"], "id": "CVE-2017-12883", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12883", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:perl:perl:5.24.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:46:13", "description": "libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-12-01T17:29:00", "type": "cve", "title": "CVE-2017-16612", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2018-04-11T01:29:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:x:libxcursor:1.1.14", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2017-16612", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16612", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:x:libxcursor:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-10-28T20:32:07", "description": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-20T15:29:00", "type": "cve", "title": "CVE-2017-16544", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2022-10-28T19:29:00", "cpe": ["cpe:/o:vmware:esxi:6.0", "cpe:/o:redlion:n-tron_702-w_firmware:*", "cpe:/o:vmware:esxi:6.7", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redlion:n-tron_702m12-w_firmware:*", "cpe:/a:busybox:busybox:1.27.2", "cpe:/o:vmware:esxi:6.5", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "CVE-2017-16544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16544", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201909001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201903001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201905001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*", "cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*", "cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*", "cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:10:42", "description": "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-10-27T19:29:00", "type": "cve", "title": "CVE-2017-13089", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2017-12-30T02:29:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/a:gnu:wget:1.19.1", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-13089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13089", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:wget:1.19.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:25:28", "description": "In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-26T14:29:00", "type": "cve", "title": "CVE-2017-15908", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15908"], "modified": "2022-02-20T05:58:00", "cpe": ["cpe:/a:systemd_project:systemd:225", "cpe:/a:systemd_project:systemd:226", "cpe:/a:systemd_project:systemd:227", "cpe:/a:systemd_project:systemd:235", "cpe:/a:systemd_project:systemd:232", "cpe:/a:systemd_project:systemd:231", "cpe:/a:systemd_project:systemd:228", "cpe:/a:systemd_project:systemd:224", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:systemd_project:systemd:230", "cpe:/a:systemd_project:systemd:223", "cpe:/a:systemd_project:systemd:229", "cpe:/a:systemd_project:systemd:233", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:systemd_project:systemd:234"], "id": "CVE-2017-15908", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15908", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:systemd_project:systemd:235:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:229:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:230:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:systemd_project:systemd:226:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:systemd_project:systemd:224:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:225:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:227:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:234:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:232:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:233:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:223:*:*:*:*:*:*:*", "cpe:2.3:a:systemd_project:systemd:231:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2021-07-28T14:34:07", "description": "Arch Linux Security Advisory ASA-201708-7\n=========================================\n\nSeverity: Critical\nDate : 2017-08-12\nCVE-ID : CVE-2017-1000115 CVE-2017-1000116\nPackage : mercurial\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-378\n\nSummary\n=======\n\nThe package mercurial before version 4.2.3-1 is vulnerable to multiple\nissues including arbitrary command execution and arbitrary filesystem\naccess.\n\nResolution\n==========\n\nUpgrade to 4.2.3-1.\n\n# pacman -Syu \"mercurial>=4.2.3-1\"\n\nThe problems have been fixed upstream in version 4.2.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-1000115 (arbitrary filesystem access)\n\nMercurial's symlink auditing was incomplete prior to 4.3, and could be\nabused to write to files outside the repository.\n\n- CVE-2017-1000116 (arbitrary command execution)\n\nMercurial < 4.3 was not sanitizing hostnames passed to ssh, allowing\nshell injection attacks on clients by specifying a hostname starting\nwith -oProxyCommand. This is also present in Git (CVE-2017-1000117) and\nSubversion (CVE-2017-9800), so please patch those tools as well if you\nhave them installed.\n\nImpact\n======\n\nA remote attacker can execute arbitrary command on the affected host by\ntricking a user into executing a hg command. A remote attacker can use\ncrafted commits mixing symlinks and regular files to get access to\nfiles outside the repository.\n\nReferences\n==========\n\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29\nhttps://security.archlinux.org/CVE-2017-1000115\nhttps://security.archlinux.org/CVE-2017-1000116", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-12T00:00:00", "type": "archlinux", "title": "[ASA-201708-7] mercurial: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2017-08-12T00:00:00", "id": "ASA-201708-7", "href": "https://security.archlinux.org/ASA-201708-7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:06", "description": "Arch Linux Security Advisory ASA-201710-28\n==========================================\n\nSeverity: Critical\nDate : 2017-10-21\nCVE-ID : CVE-2017-15650\nPackage : musl\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-457\n\nSummary\n=======\n\nThe package musl before version 1.1.17-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 1.1.17-1.\n\n# pacman -Syu \"musl>=1.1.17-1\"\n\nThe problem has been fixed upstream in version 1.1.17.\n\nWorkaround\n==========\n\nUsing a local, trusted DNS resolver mitigates the issue.\n\nDescription\n===========\n\nA stack-based buffer overflow has been found in the DNS response\nparsing code of musl libc <= 1.1.16. When an application makes a\nrequest via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an\nattacker who controls or can spoof the nameservers configured in\nresolv.conf can reply to both the A and AAAA queries with A results.\nSince A records are smaller than AAAA records, it's possible to fit\nmore addresses than the precomputed bound, and a buffer overflow\noccurs.\n\nImpact\n======\n\nA remote attacker who controls or can spoof the nameservers configured\nin resolv.conf can execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2017/q4/107\nhttps://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395\nhttps://security.archlinux.org/CVE-2017-15650", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-10-21T00:00:00", "type": "archlinux", "title": "[ASA-201710-28] musl: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15650"], "modified": "2017-10-21T00:00:00", "id": "ASA-201710-28", "href": "https://security.archlinux.org/ASA-201710-28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201711-41\n==========================================\n\nSeverity: High\nDate : 2017-11-30\nCVE-ID : CVE-2017-16612\nPackage : libxcursor\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-531\n\nSummary\n=======\n\nThe package libxcursor before version 1.1.15-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 1.1.15-1.\n\n# pacman -Syu \"libxcursor>=1.1.15-1\"\n\nThe problem has been fixed upstream in version 1.1.15.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIt was discovered that libxcursor before 1.1.15 is vulnerable to heap\noverflows due to an integer overflow while parsing images and a\nsignedness issue while parsing comments. An attacker could use local\nprivileges or trick a user into parsing a malicious file to cause\nlibxcursor to crash, resulting in a denial of service, or possibly\nexecute arbitrary code.\n\nImpact\n======\n\nAn attacker could use local privileges or trick a user into parsing a\nmalicious image file to cause libxcursor to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n\nReferences\n==========\n\nhttp://openwall.com/lists/oss-security/2017/11/28/6\nhttps://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8\nhttps://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2\nhttps://security.archlinux.org/CVE-2017-16612", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-30T00:00:00", "type": "archlinux", "title": "[ASA-201711-41] libxcursor: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-11-30T00:00:00", "id": "ASA-201711-41", "href": "https://security.archlinux.org/ASA-201711-41", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:34:04", "description": "Arch Linux Security Advisory ASA-201803-2\n=========================================\n\nSeverity: High\nDate : 2018-03-01\nCVE-ID : CVE-2017-16544\nPackage : mkinitcpio-busybox\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-514\n\nSummary\n=======\n\nThe package mkinitcpio-busybox before version 1.28.1-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 1.28.1-1.\n\n# pacman -Syu \"mkinitcpio-busybox>=1.28.1-1\"\n\nThe problem has been fixed upstream in version 1.28.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn the add_match function in libbb/lineedit.c in BusyBox through\n1.27.2, the tab autocomplete feature of the shell, used to get a list\nof filenames in a directory, does not sanitize filenames and results in\nexecuting any escape sequence in the terminal. This could potentially\nresult in code execution, arbitrary file writes, or other attacks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code by tricking the user into\nauto-completing a crafted filename.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56391\nhttps://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8\nhttps://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/\nhttps://security.archlinux.org/CVE-2017-16544", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-03-01T00:00:00", "type": "archlinux", "title": "[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2018-03-01T00:00:00", "id": "ASA-201803-2", "href": "https://security.archlinux.org/ASA-201803-2", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201803-1\n=========================================\n\nSeverity: High\nDate : 2018-03-01\nCVE-ID : CVE-2017-16544\nPackage : busybox\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-512\n\nSummary\n=======\n\nThe package busybox before version 1.28.1-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 1.28.1-1.\n\n# pacman -Syu \"busybox>=1.28.1-1\"\n\nThe problem has been fixed upstream in version 1.28.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn the add_match function in libbb/lineedit.c in BusyBox through\n1.27.2, the tab autocomplete feature of the shell, used to get a list\nof filenames in a directory, does not sanitize filenames and results in\nexecuting any escape sequence in the terminal. This could potentially\nresult in code execution, arbitrary file writes, or other attacks.\n\nImpact\n======\n\nAn attacker is able to execute arbitrary code by tricking the user into\nauto-completing a crafted filename.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/56391\nhttps://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8\nhttps://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/\nhttps://security.archlinux.org/CVE-2017-16544", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-03-01T00:00:00", "type": "archlinux", "title": "[ASA-201803-1] busybox: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16544"], "modified": "2018-03-01T00:00:00", "id": "ASA-201803-1", "href": "https://security.archlinux.org/ASA-201803-1", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:08", "description": "Arch Linux Security Advisory ASA-201706-10\n==========================================\n\nSeverity: High\nDate : 2017-06-12\nCVE-ID : CVE-2017-6891\nPackage : lib32-libtasn1\nType : arbitrary code execution\nRemote : No\nLink : https://security.archlinux.org/AVG-286\n\nSummary\n=======\n\nThe package lib32-libtasn1 before version 4.11-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 4.11-1.\n\n# pacman -Syu \"lib32-libtasn1>=4.11-1\"\n\nThe problem has been fixed upstream in version 4.11.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nTwo errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within\nGnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based\nbuffer overflow by tricking a user into processing a specially crafted\nassignments file via the e.g. asn1Coding utility.\n\nImpact\n======\n\nAn attacker can execute arbitrary code on the affected host by tricking\na local user into processing a specially crafted assignments file.\n\nReferences\n==========\n\nhttps://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=5520704d075802df25ce4ffccc010ba1641bd484\nhttps://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/\nhttps://security.archlinux.org/CVE-2017-6891", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-12T00:00:00", "type": "archlinux", "title": "[ASA-201706-10] lib32-libtasn1: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2017-06-12T00:00:00", "id": "ASA-201706-10", "href": "https://security.archlinux.org/ASA-201706-10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nMercurial Release Notes:\n\nCVE-2017-1000115\nMercurial's symlink auditing was incomplete prior to 4.3, and could be\n\t abused to write to files outside the repository.\nCVE-2017-1000116\nMercurial was not sanitizing hostnames passed to ssh, allowing shell\n\t injection attacks on clients by specifying a hostname starting with\n\t -oProxyCommand. This is also present in Git (CVE-2017-1000117) and\n\t Subversion (CVE-2017-9800), so please patch those tools as well if you\n\t have them installed.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-10T00:00:00", "type": "freebsd", "title": "Mercurial -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2017-08-10T00:00:00", "id": "1D33CDEE-7F6B-11E7-A9B5-3DEBB10A6871", "href": "https://vuxml.freebsd.org/freebsd/1d33cdee-7f6b-11e7-a9b5-3debb10a6871.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nThe freedesktop.org project reports:\n\nIt is possible to trigger heap overflows due to an integer\n\t overflow while parsing images and a signedness issue while\n\t parsing comments.\nThe integer overflow occurs because the chosen limit 0x10000\n\t for dimensions is too large for 32 bit systems, because each pixel\n\t takes 4 bytes. Properly chosen values allow an overflow which in\n\t turn will lead to less allocated memory than needed for subsequent\n\t reads.\nThe signedness bug is triggered by reading the length of a comment\n\t as unsigned int, but casting it to int when calling the function\n\t XcursorCommentCreate. Turning length into a negative value allows\n\t the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following\n\t addition of sizeof (XcursorComment) + 1 makes it possible to\n\t allocate less memory than needed for subsequent reads.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-28T00:00:00", "type": "freebsd", "title": "libXcursor -- integer overflow that can lead to heap buffer overflow", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-11-28T00:00:00", "id": "DDECDE18-E33B-11E7-A293-54E1AD3D6335", "href": "https://vuxml.freebsd.org/freebsd/ddecde18-e33b-11e7-a293-54e1ad3d6335.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nAntti Levom\u00e4ki, Christian Jalio, Joonas Pihlaja:\n\nWget contains two vulnerabilities, a stack overflow and a heap\n\t overflow, in the handling of HTTP chunked encoding. By convincing\n\t a user to download a specific link over HTTP, an attacker may be\n\t able to execute arbitrary code with the privileges of the user.\n\t \n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-20T00:00:00", "type": "freebsd", "title": "wget -- Stack overflow in HTTP protocol handling", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13089"], "modified": "2017-10-20T00:00:00", "id": "09849E71-BB12-11E7-8357-3065EC6F3643", "href": "https://vuxml.freebsd.org/freebsd/09849e71-bb12-11e7-8357-3065ec6f3643.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T13:36:01", "description": "Package : mercurial\nVersion : 2.2.2-4+deb7u5\nCVE ID : CVE-2017-1000115 CVE-2017-1000116\nDebian Bug : 871709 871710\n\nTwo significant vulnerabilities were found in the Mercurial version\ncontrol system which could lead to shell injection attacks and\nout-of-tree file overwrite.\n\nCVE-2017-1000115\n\n Mercurial's symlink auditing was incomplete prior to 4.3, and\n could be abused to write to files outside the repository.\n\nCVE-2017-1000116\n\n Mercurial was not sanitizing hostnames passed to ssh, allowing\n shell injection attacks on clients by specifying a hostname\n starting with -oProxyCommand. This vulnerability is similar to\n those in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800).\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.2.2-4+deb7u5.\n\nWe recommend that you upgrade your mercurial packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-31T11:57:25", "type": "debian", "title": "[SECURITY] [DLA 1072-1] mercurial security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-9800"], "modified": "2017-08-31T11:57:25", "id": "DEBIAN:DLA-1072-1:C63A2", "href": "https://lists.debian.org/debian-lts-announce/2017/08/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T13:28:52", "description": "Package : git-annex\nVersion : 3.20120629+deb7u1\nCVE ID : CVE-2017-12976\nDebian Bug : 873088\n\ngit-annex before 6.20170818 allows remote attackers to execute arbitrary\ncommands via an ssh URL with an initial dash character in the hostname,\nas demonstrated by an ssh://-eProxyCommand= URL, a related issue to\nCVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.20120629+deb7u1.\n\nWe recommend that you upgrade your git-annex packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-27T15:29:08", "type": "debian", "title": "[SECURITY] [DLA 1144-1] git-annex security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800"], "modified": "2017-10-27T15:29:08", "id": "DEBIAN:DLA-1144-1:E0FFD", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00026.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T12:52:38", "description": "Package : git-annex\nVersion : 5.20141125+oops-1+deb8u2\nCVE ID : CVE-2017-12976 CVE-2018-10857 CVE-2018-10859\nDebian Bug : 873088\n\nThe git-annex package was found to have multiple vulnerabilities when\noperating on untrusted data that could lead to arbitrary command\nexecution and encrypted data exfiltration.\n\nCVE-2017-12976\n\n git-annex before 6.20170818 allows remote attackers to execute\n arbitrary commands via an ssh URL with an initial dash character\n in the hostname, as demonstrated by an ssh://-eProxyCommand= URL,\n a related issue to CVE-2017-9800, CVE-2017-12836,\n CVE-2017-1000116, and CVE-2017-1000117.\n\nCVE-2018-10857\n\n git-annex is vulnerable to a private data exposure and\n exfiltration attack. It could expose the content of files located\n outside the git-annex repository, or content from a private web\n server on localhost or the LAN.\n\nCVE-2018-10859\n\n git-annex is vulnerable to an Information Exposure when decrypting\n files. A malicious server for a special remote could trick\n git-annex into decrypting a file that was encrypted to the user's\n gpg key. This attack could be used to expose encrypted data that\n was never stored in git-annex\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n5.20141125+oops-1+deb8u2.\n\nWe recommend that you upgrade your git-annex packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-05T19:28:50", "type": "debian", "title": "[SECURITY] [DLA 1495-1] git-annex security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000116", "CVE-2017-1000117", "CVE-2017-12836", "CVE-2017-12976", "CVE-2017-9800", "CVE-2018-10857", "CVE-2018-10859"], "modified": "2018-09-05T19:28:50", "id": "DEBIAN:DLA-1495-1:43D4C", "href": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T04:36:48", "description": "Package : sensible-utils\nVersion : 0.0.7+deb7u1\nCVE ID : CVE-2017-17512\nDebian Bug : #881767\n\nIt was discovered that there was a vulnerability in sensible-browser, a\nutility to start the most suitable web browser based on your environment\nor configuration.\n\nRemote attackers could conduct argument-injection attacks via specially-\ncrafted URIs.\n\nFor Debian 7 "Wheezy", this issue has been fixed in sensible-utils version\n0.0.7+deb7u1.\n\nWe recommend that you upgrade your sensible-utils packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-15T19:31:58", "type": "debian", "title": "[SECURITY] [DLA 1209-1] sensible-utils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2017-12-15T19:31:58", "id": "DEBIAN:DLA-1209-1:11DCC", "href": "https://lists.debian.org/debian-lts-announce/2017/12/msg00012.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4071-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 21, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sensible-utils\nCVE ID : CVE-2017-17512\nDebian Bug : 881767\n\nGabriel Corona reported that sensible-browser from sensible-utils, a\ncollection of small utilities used to sensibly select and spawn an\nappropriate browser, editor or pager, does not validate strings before\nlaunching the program specified by the BROWSER environment variable,\npotentially allowing a remote attacker to conduct argument-injection\nattacks if a user is tricked into processing a specially crafted URL.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 0.0.9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.0.9+deb9u1.\n\nWe recommend that you upgrade your sensible-utils packages.\n\nFor the detailed security status of sensible-utils please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/sensible-utils\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-21T20:36:49", "type": "debian", "title": "[SECURITY] [DSA 4071-1] sensible-utils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17512"], "modified": "2017-12-21T20:36:49", "id": "DEBIAN:DSA-4071-1:2EA79", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00334.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-01T10:37:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4052-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 29, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bzr\nCVE ID : CVE-2017-14176\nDebian Bug : 874429\n\nAdam Collard discovered that Bazaar, an easy to use distributed version\ncontrol system, did not correctly handle maliciously constructed bzr+ssh\nURLs, allowing a remote attackers to run an arbitrary shell command.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.6.0+bzr6595-6+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.7.0+bzr6619-7+deb9u1.\n\nWe recommend that you upgrade your bzr packages.\n\nFor the detailed security status of bzr please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bzr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-29T20:02:28", "type": "debian", "title": "[SECURITY] [DSA 4052-1] bzr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14176"], "modified": "2017-11-29T20:02:28", "id": "DEBIAN:DSA-4052-1:1117D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00315.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-01T10:34:29", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4059-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 08, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxcursor\nCVE ID : CVE-2017-16612\nDebian Bug : 883792\n\nIt was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code execution,\nif a user is tricked into processing a specially crafted cursor file.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:1.1.14-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.1.14-1+deb9u1.\n\nWe recommend that you upgrade your libxcursor packages.\n\nFor the detailed security status of libxcursor please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libxcursor\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-08T19:40:40", "type": "debian", "title": "[SECURITY] [DSA 4059-1] libxcursor security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-12-08T19:40:40", "id": "DEBIAN:DSA-4059-1:455E2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00322.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-25T05:16:33", "description": "Package : libxcursor\nVersion : 1:1.1.13-1+deb7u2\nCVE ID : CVE-2017-16612\nDebian Bug : 883792\n\nIt was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code execution,\nif a user is tricked into processing a specially crafted cursor file.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.1.13-1+deb7u2.\n\nWe recommend that you upgrade your libxcursor packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-10T11:40:21", "type": "debian", "title": "[SECURITY] [DLA 1201-1] libxcursor security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-12-10T11:40:21", "id": "DEBIAN:DLA-1201-1:90536", "href": "https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T13:11:16", "description": "Package : libxcursor\nVersion : 1:1.1.13-1+deb7u2\nCVE ID : CVE-2017-16612\nDebian Bug : 883792\n\nIt was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code execution,\nif a user is tricked into processing a specially crafted cursor file.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.1.13-1+deb7u2.\n\nWe recommend that you upgrade your libxcursor packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-10T11:40:21", "type": "debian", "title": "[SECURITY] [DLA 1201-1] libxcursor security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16612"], "modified": "2017-12-10T11:40:21", "id": "DEBIAN:DLA-1201-1:C40FD", "href": "https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T22:02:50", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3861-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMay 24, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libtasn1-6\nCVE ID : CVE-2017-6891\nDebian Bug : 863186\n\nJakub Jirasek of Secunia Research discovered that libtasn1, a library\nused to handle Abstract Syntax Notation One structures, did not\nproperly validate its input. This would allow an attacker to cause a\ncrash by denial-of-service, or potentially execute arbitrary code, by\ntricking a user into processing a maliciously crafted assignments\nfile.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u3.\n\nWe recommend that you upgrade your libtasn1-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T11:10:46", "type": "debian", "title": "[SECURITY] [DSA 3861-1] libtasn1-6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6891"], "modified": "2017-05-24T11:10:46", "id": "DEBIAN:DSA-3861-1:C9991", "href": "https://lists.debian.org/debian-security-announce/2017/msg00121.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:08:03", "description": "Two significant vulnerabilities were found in the Mercurial version\ncontrol system which could lead to shell injection attacks and\nout-of-tree file overwrite.\n\nCVE-2017-1000115\n\nMercurial", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mercurial (DLA-1072-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000117", "CVE-2017-1000116", "CVE-2017-9800"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891072", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891072\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000115\", \"CVE-2017-1000116\", \"CVE-2017-1000117\", \"CVE-2017-9800\");\n script_name(\"Debian LTS: Security Advisory for mercurial (DLA-1072-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00032.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"mercurial on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.2.2-4+deb7u5.\n\nWe recommend that you upgrade your mercurial packages.\");\n\n script_tag(name:\"summary\", value:\"Two significant vulnerabilities were found in the Mercurial version\ncontrol system which could lead to shell injection attacks and\nout-of-tree file overwrite.\n\nCVE-2017-1000115\n\nMercurial's symlink auditing was incomplete prior to 4.3, and\ncould be abused to write to files outside the repository.\n\nCVE-2017-1000116\n\nMercurial was not sanitizing hostnames passed to ssh, allowing\nshell injection attacks on clients by specifying a hostname\nstarting with -oProxyCommand. This vulnerability is similar to\nthose in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"mercurial\", ver:\"2.2.2-4+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"mercurial-common\", ver:\"2.2.2-4+deb7u5\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:07:00", "description": "git-annex before 6.20170818 allows remote attackers to execute arbitrary\ncommands via an ssh URL with an initial dash character in the hostname,\nas demonstrated by an ssh://-eProxyCommand= URL, a related issue to\nCVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for git-annex (DLA-1144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12976", "CVE-2017-1000117", "CVE-2017-1000116", "CVE-2017-12836", "CVE-2017-9800"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891144", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891144\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000116\", \"CVE-2017-1000117\", \"CVE-2017-12836\", \"CVE-2017-12976\", \"CVE-2017-9800\");\n script_name(\"Debian LTS: Security Advisory for git-annex (DLA-1144-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00026.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"git-annex on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.20120629+deb7u1.\n\nWe recommend that you upgrade your git-annex packages.\");\n\n script_tag(name:\"summary\", value:\"git-annex before 6.20170818 allows remote attackers to execute arbitrary\ncommands via an ssh URL with an initial dash character in the hostname,\nas demonstrated by an ssh://-eProxyCommand= URL, a related issue to\nCVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git-annex\", ver:\"3.20120629+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2018-76afaf1961", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739", "CVE-2018-0733"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874318", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_76afaf1961_openssl_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for openssl FEDORA-2018-76afaf1961\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874318\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-03 09:00:33 +0200 (Tue, 03 Apr 2018)\");\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2018-76afaf1961\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-76afaf1961\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RTNXPR33JHCRPLE5DTCH3PAOOUHAYXG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.1.0h~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2018-40dc8b8b16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0739", "CVE-2018-0733"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_40dc8b8b16_openssl_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for openssl FEDORA-2018-40dc8b8b16\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874313\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-03 09:00:10 +0200 (Tue, 03 Apr 2018)\");\n script_cve_id(\"CVE-2018-0733\", \"CVE-2018-0739\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openssl FEDORA-2018-40dc8b8b16\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-40dc8b8b16\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFLOEWICGX6YZKDHXLLN67J6EYV4UAS5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.1.0h~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:11:33", "description": "The git-annex package was found to have multiple vulnerabilities when\noperating on untrusted data that could lead to arbitrary command\nexecution and encrypted data exfiltration.\n\nCVE-2017-12976\n\ngit-annex before 6.20170818 allows remote attackers to execute\narbitrary commands via an ssh URL with an initial dash character\nin the hostname, as demonstrated by an ssh://-eProxyCommand= URL,\na related issue to CVE-2017-9800, CVE-2017-12836,\nCVE-2017-1000116, and CVE-2017-1000117.\n\nCVE-2018-10857\n\ngit-annex is vulnerable to a private data exposure and\nexfiltration attack. It could expose the content of files located\noutside the git-annex repository, or content from a private web\nserver on localhost or the LAN.\n\nCVE-2018-10859\n\ngit-annex is vulnerable to an Information Exposure when decrypting\nfiles. A malicious server for a special remote could trick\ngit-annex into decrypting a file that was encrypted to the user", "cvss3": {}, "published": "2018-09-06T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for git-annex (DLA-1495-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10859", "CVE-2017-12976", "CVE-2017-1000117", "CVE-2017-1000116", "CVE-2017-12836", "CVE-2018-10857", "CVE-2017-9800"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891495", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891495\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-1000116\", \"CVE-2017-1000117\", \"CVE-2017-12836\", \"CVE-2017-12976\", \"CVE-2017-9800\",\n \"CVE-2018-10857\", \"CVE-2018-10859\");\n script_name(\"Debian LTS: Security Advisory for git-annex (DLA-1495-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-06 00:00:00 +0200 (Thu, 06 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"git-annex on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.20141125+oops-1+deb8u2.\n\nWe recommend that you upgrade your git-annex packages.\");\n\n script_tag(name:\"summary\", value:\"The git-annex package was found to have multiple vulnerabilities when\noperating on untrusted data that could lead to arbitrary command\nexecution and encrypted data exfiltration.\n\nCVE-2017-12976\n\ngit-annex before 6.20170818 allows remote attackers to execute\narbitrary commands via an ssh URL with an initial dash character\nin the hostname, as demonstrated by an ssh://-eProxyCommand= URL,\na related issue to CVE-2017-9800, CVE-2017-12836,\nCVE-2017-1000116, and CVE-2017-1000117.\n\nCVE-2018-10857\n\ngit-annex is vulnerable to a private data exposure and\nexfiltration attack. It could expose the content of files located\noutside the git-annex repository, or content from a private web\nserver on localhost or the LAN.\n\nCVE-2018-10859\n\ngit-annex is vulnerable to an Information Exposure when decrypting\nfiles. A malicious server for a special remote could trick\ngit-annex into decrypting a file that was encrypted to the user's\ngpg key. This attack could be used to expose encrypted data that\nwas never stored in git-annex\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git-annex\", ver:\"5.20141125+oops-1+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T19:02:19", "description": "Gabriel Corona reported that sensible-browser from sensible-utils, a\ncollection of small utilities used to sensibly select and spawn an\nappropriate browser, editor or pager, does not validate strings before\nlaunching the program specified by the BROWSER environment variable,\npotentially allowing a remote attacker to conduct argument-injection\nattacks if a user is tricked into processing a specially crafted URL.", "cvss3": {}, "published": "2017-12-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4071-1 (sensible-utils - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17512"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4071-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704071\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-17512\");\n script_name(\"Debian Security Advisory DSA 4071-1 (sensible-utils - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-21 00:00:00 +0100 (Thu, 21 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4071.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"sensible-utils on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 0.0.9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 0.0.9+deb9u1.\n\nWe recommend that you upgrade your sensible-utils packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/sensible-utils\");\n script_tag(name:\"summary\", value:\"Gabriel Corona reported that sensible-browser from sensible-utils, a\ncollection of small utilities used to sensibly select and spawn an\nappropriate browser, editor or pager, does not validate strings before\nlaunching the program specified by the BROWSER environment variable,\npotentially allowing a remote attacker to conduct argument-injection\nattacks if a user is tricked into processing a specially crafted URL.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"sensible-utils\", ver:\"0.0.9+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"sensible-utils\", ver:\"0.0.9+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-27T00:00:00", "type": "openvas", "title": "Ubuntu Update for sensible-utils USN-3584-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17512"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843462", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843462", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3584_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for sensible-utils USN-3584-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843462\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-27 08:15:33 +0100 (Tue, 27 Feb 2018)\");\n script_cve_id(\"CVE-2017-17512\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for sensible-utils USN-3584-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sensible-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Gabriel Corona discovered that\n sensible-utils incorrectly validated strings when launcher a browser with the\n sensible-browser tool. A remote attacker could possibly use this issue with a\n specially crafted URL to conduct an argument injection attack and execute\n arbitrary code.\");\n script_tag(name:\"affected\", value:\"sensible-utils on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3584-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3584-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sensible-utils\", ver:\"0.0.9ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sensible-utils\", ver:\"0.0.10ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sensible-utils\", ver:\"0.0.9ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-29T00:00:00", "type": "openvas", "title": "Fedora Update for sensible-utils FEDORA-2017-2fab3f12c4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17512"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873950", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873950", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_2fab3f12c4_sensible-utils_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for sensible-utils FEDORA-2017-2fab3f12c4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873950\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-29 08:05:03 +0100 (Fri, 29 Dec 2017)\");\n script_cve_id(\"CVE-2017-17512\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sensible-utils FEDORA-2017-2fab3f12c4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sensible-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sensible-utils on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2fab3f12c4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJAOGY2T2QJFJDTGE7PPY3MZ4XWBDUU6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"sensible-utils\", rpm:\"sensible-utils~0.0.11~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-29T00:00:00", "type": "openvas", "title": "Fedora Update for sensible-utils FEDORA-2017-80c6b4d3be", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17512"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873952", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_80c6b4d3be_sensible-utils_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for sensible-utils FEDORA-2017-80c6b4d3be\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873952\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-29 08:05:06 +0100 (Fri, 29 Dec 2017)\");\n script_cve_id(\"CVE-2017-17512\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sensible-utils FEDORA-2017-80c6b4d3be\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sensible-utils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sensible-utils on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-80c6b4d3be\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOJUBTAXQ3SPUAFFBLQS6EVYDJUNG6OZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"sensible-utils\", rpm:\"sensible-utils~0.0.11~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T19:02:16", "description": "Adam Collard discovered that Bazaar, an easy to use distributed version\ncontrol system, did not correctly handle maliciously constructed bzr+ssh\nURLs, allowing a remote attacker to run an arbitrary shell command.", "cvss3": {}, "published": "2017-11-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4052-1 (bzr - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14176"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4052-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704052\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-14176\");\n script_name(\"Debian Security Advisory DSA 4052-1 (bzr - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-29 00:00:00 +0100 (Wed, 29 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4052.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"bzr on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2.6.0+bzr6595-6+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.7.0+bzr6619-7+deb9u1.\n\nWe recommend that you upgrade your bzr packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/bzr\");\n script_tag(name:\"summary\", value:\"Adam Collard discovered that Bazaar, an easy to use distributed version\ncontrol system, did not correctly handle maliciously constructed bzr+ssh\nURLs, allowing a remote attacker to run an arbitrary shell command.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bzr\", ver:\"2.7.0+bzr6619-7+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bzr-doc\", ver:\"2.7.0+bzr6619-7+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib\", ver:\"2.7.0+bzr6619-7+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib-dbg\", ver:\"2.7.0+bzr6619-7+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib.tests\", ver:\"2.7.0+bzr6619-7+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bzr\", ver:\"2.6.0+bzr6595-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bzr-doc\", ver:\"2.6.0+bzr6595-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib\", ver:\"2.6.0+bzr6595-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib-dbg\", ver:\"2.6.0+bzr6595-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-bzrlib.tests\", ver:\"2.6.0+bzr6595-6+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libXcursor (EulerOS-SA-2018-1003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181003", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1003\");\n script_version(\"2020-01-23T11:08:02+0000\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:08:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:08:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libXcursor (EulerOS-SA-2018-1003)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1003\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1003\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libXcursor' package(s) announced via the EulerOS-SA-2018-1003 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612)\");\n\n script_tag(name:\"affected\", value:\"'libXcursor' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libXcursor\", rpm:\"libXcursor~1.1.14~2.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libXcursor-devel\", rpm:\"libXcursor-devel~1.1.14~2.1.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Fedora Update for libXcursor FEDORA-2018-1c5dada34b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1c5dada34b_libXcursor_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libXcursor FEDORA-2018-1c5dada34b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874197\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:39:55 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libXcursor FEDORA-2018-1c5dada34b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libXcursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libXcursor on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1c5dada34b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWRJMGJDU22XEPYOUB6NKXDXYBMKFNBO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXcursor\", rpm:\"libXcursor~1.1.15~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Fedora Update for libXcursor FEDORA-2018-0eed1be1c0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0eed1be1c0_libXcursor_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libXcursor FEDORA-2018-0eed1be1c0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874182\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:37:25 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libXcursor FEDORA-2018-0eed1be1c0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libXcursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libXcursor on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0eed1be1c0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K27KHWZ6SPYCN77REY2EHTNLXHNFCBLH\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXcursor\", rpm:\"libXcursor~1.1.15~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for libxcursor USN-3501-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843385", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843385", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3501_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libxcursor USN-3501-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843385\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-30 07:34:47 +0100 (Thu, 30 Nov 2017)\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libxcursor USN-3501-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxcursor'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libxcursor\n incorrectly handled certain files. An attacker could use these issues to cause\n libxcursor to crash, resulting in a denial of service, or possibly execute\n arbitrary code.\");\n script_tag(name:\"affected\", value:\"libxcursor on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3501-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3501-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:amd64\", ver:\"1:1.1.14-1ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:i386\", ver:\"1:1.1.14-1ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:amd64\", ver:\"1:1.1.14-3ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:i386\", ver:\"1:1.1.14-3ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:amd64\", ver:\"1:1.1.14-1ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:i386\", ver:\"1:1.1.14-1ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:amd64\", ver:\"1:1.1.14-1ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxcursor1:i386\", ver:\"1:1.1.14-1ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for wayland USN-3622-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3622_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for wayland USN-3622-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843503\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-10 08:48:31 +0200 (Tue, 10 Apr 2018)\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for wayland USN-3622-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'wayland'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Wayland Xcursor\n support incorrectly handled certain files. An attacker could use these issues to\n cause Wayland to crash, resulting in a denial of service, or possibly execute\n arbitrary code.\");\n script_tag(name:\"affected\", value:\"wayland on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3622-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3622-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:amd64\", ver:\"1.4.0-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:i386\", ver:\"1.4.0-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:amd64\", ver:\"1.14.0-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:i386\", ver:\"1.14.0-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libwayland-bin\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-client0:amd64\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-client0:i386\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:amd64\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-cursor0:i386\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-dev:amd64\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-dev:i386\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-doc\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-server0:amd64\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwayland-server0:i386\", ver:\"1.12.0-1~ubuntu16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T19:02:15", "description": "It was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code execution,\nif a user is tricked into processing a specially crafted cursor file.", "cvss3": {}, "published": "2017-12-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4059-1 (libxcursor - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4059-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704059\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-16612\");\n script_name(\"Debian Security Advisory DSA 4059-1 (libxcursor - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-08 00:00:00 +0100 (Fri, 08 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4059.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"libxcursor on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 1:1.1.14-1+deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:1.1.14-1+deb9u1.\n\nWe recommend that you upgrade your libxcursor packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/libxcursor\");\n script_tag(name:\"summary\", value:\"It was discovered that libXcursor, a X cursor management library, is\nprone to several heap overflows when parsing malicious files. An\nattacker can take advantage of these flaws for arbitrary code execution,\nif a user is tricked into processing a specially crafted cursor file.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor-dev\", ver:\"1:1.1.14-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor1\", ver:\"1:1.1.14-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor1-dbg\", ver:\"1:1.1.14-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor-dev\", ver:\"1:1.1.14-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor1\", ver:\"1:1.1.14-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxcursor1-dbg\", ver:\"1:1.1.14-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libXcursor (EulerOS-SA-2018-1004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16612"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181004", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1004\");\n script_version(\"2020-01-23T11:08:03+0000\");\n script_cve_id(\"CVE-2017-16612\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:08:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:08:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libXcursor (EulerOS-SA-2018-1004)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1004\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1004\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libXcursor' package(s) announced via the EulerOS-SA-2018-1004 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.(CVE-2017-16612)\");\n\n script_tag(name:\"affected\", value:\"'libXcursor' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libXcursor\", rpm:\"libXcursor~1.1.14~2.1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libXcursor-devel\", rpm:\"libXcursor-devel~1.1.14~2.1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "openvas", "title": "Ubuntu Update for systemd USN-3466-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15908"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843349", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3466_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for systemd USN-3466-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843349\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 14:32:07 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-15908\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for systemd USN-3466-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'systemd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Karim Hossen & Thomas Imbert discovered\n that systemd-resolved incorrectly handled certain DNS responses. A remote\n attacker could possibly use this issue to cause systemd to temporarily stop\n responding, resulting in a denial of service.\");\n script_tag(name:\"affected\", value:\"systemd on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3466-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3466-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"systemd\", ver:\"232-21ubuntu7.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2018-1334)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181334", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1334\");\n script_version(\"2020-01-23T11:22:03+0000\");\n script_cve_id(\"CVE-2017-6891\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2018-1334)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1334\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1334\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtasn1' package(s) announced via the EulerOS-SA-2018-1334 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.CVE-2017-6891\");\n\n script_tag(name:\"affected\", value:\"'libtasn1' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~3.8~2.h2\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~3.8~2.h2\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1312)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191312", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1312\");\n script_version(\"2020-01-23T11:39:06+0000\");\n script_cve_id(\"CVE-2017-6891\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:39:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:39:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1312)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1312\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1312\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtasn1' package(s) announced via the EulerOS-SA-2019-1312 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\");\n\n script_tag(name:\"affected\", value:\"'libtasn1' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~4.10~1.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~4.10~1.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:32:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2018-1335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181335", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1335\");\n script_version(\"2020-01-23T11:22:04+0000\");\n script_cve_id(\"CVE-2017-6891\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2018-1335)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1335\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1335\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtasn1' package(s) announced via the EulerOS-SA-2018-1335 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.CVE-2017-6891\");\n\n script_tag(name:\"affected\", value:\"'libtasn1' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~3.8~2.h2\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~3.8~2.h2\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:56", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191082", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1082\");\n script_version(\"2020-01-23T11:30:40+0000\");\n script_cve_id(\"CVE-2017-6891\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:30:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:30:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1082)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1082\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1082\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtasn1' package(s) announced via the EulerOS-SA-2019-1082 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\");\n\n script_tag(name:\"affected\", value:\"'libtasn1' package(s) on Huawei EulerOS Virtualization 2.5.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~4.10~1.h1\", rls:\"EULEROSVIRT-2.5.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~4.10~1.h1\", rls:\"EULEROSVIRT-2.5.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191311", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1311\");\n script_version(\"2020-01-23T11:39:06+0000\");\n script_cve_id(\"CVE-2017-6891\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:39:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:39:06 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2019-1311)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1311\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1311\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libtasn1' package(s) announced via the EulerOS-SA-2019-1311 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.(CVE-2017-6891)\");\n\n script_tag(name:\"affected\", value:\"'libtasn1' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1\", rpm:\"libtasn1~4.10~1.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtasn1-devel\", rpm:\"libtasn1-devel~4.10~1.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:57:45", "description": "Jakub Jirasek of Secunia Research discovered that libtasn1, a library\nused to handle Abstract Syntax Notation One structures, did not\nproperly validate its input. This would allow an attacker to cause a\ncrash by denial-of-service, or potentially execute arbitrary code, by\ntricking a user into processing a maliciously crafted assignments\nfile.", "cvss3": {}, "published": "2017-05-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3861-1 (libtasn1-6 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6891"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703861", "href": "http://plugins.openvas.org/nasl.php?oid=703861", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3861.nasl 6607 2017-07-07 12:04:25Z cfischer $\n# Auto-generated from advisory DSA 3861-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703861);\n script_version(\"$Revision: 6607 $\");\n script_cve_id(\"CVE-2017-6891\");\n script_name(\"Debian Security Advisory DSA 3861-1 (libtasn1-6 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:04:25 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-05-24 00:00:00 +0200 (Wed, 24 May 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3861.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libtasn1-6 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Manage ASN1 (Abstract Syntax Notation One) structures.\nThe main features of this library are:\n\n* on-line ASN1 structure management that doesn't require any C code\nfile generation.\n* off-line ASN1 structure management with C code file generation\ncontaining an array.\n* DER (Distinguish Encoding Rules) encoding\n* no limits for INTEGER and ENUMERATED values\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u3.\n\nWe recommend that you upgrade your libtasn1-6 packages.\");\n script_tag(name: \"summary\", value: \"Jakub Jirasek of Secunia Research discovered that libtasn1, a library\nused to handle Abstract Syntax Notation One structures, did not\nproperly validate its input. This would allow an attacker to cause a\ncrash by denial-of-service, or potentially execute arbitrary code, by\ntricking a user into processing a maliciously crafted assignments\nfile.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtasn1-3-bin\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtasn1-6\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtasn1-6-dbg\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtasn1-6-dev\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtasn1-bin\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtasn1-doc\", ver:\"4.2-3+deb8u3\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osv": [{"lastseen": "2022-08-05T05:17:58", "description": "\nTwo significant vulnerabilities were found in the Mercurial version\ncontrol system which could lead to shell injection attacks and\nout-of-tree file overwrite.\n\n\n* [CVE-2017-1000115](https://security-tracker.debian.org/tracker/CVE-2017-1000115)\nMercurial's symlink auditing was incomplete prior to 4.3, and\n could be abused to write to files outside the repository.\n* [CVE-2017-1000116](https://security-tracker.debian.org/tracker/CVE-2017-1000116)\nMercurial was not sanitizing hostnames passed to ssh, allowing\n shell injection attacks on clients by specifying a hostname\n starting with -oProxyCommand. This vulnerability is similar to\n those in Git ([CVE-2017-1000117](https://security-tracker.debian.org/tracker/CVE-2017-1000117)) and Subversion \n ([CVE-2017-9800](https://security-tracker.debian.org/tracker/CVE-2017-9800)).\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.2.2-4+deb7u5.\n\n\nWe recommend that you upgrade your mercurial packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-31T00:00:00", "type": "osv", "title": "mercurial - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000115", "CVE-2017-1000117", "CVE-2017-1000116", "CVE-2017-9800"], "modified": "2022-08-05T05:17:56", "id": "OSV:DLA-1072-1", "href": "https://osv.dev/vulnerability/DLA-1072-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:20:13", "description": "\ngit-annex before 6.20170818 allows remote attackers to execute arbitrary\ncommands via an ssh URL with an initial dash character in the hostname,\nas demonstrated by an ssh://-eProxyCommand= URL, a related issue to\n[CVE-2017-9800](https://security-tracker.debian.org/tracker/CVE-2017-9800), \n[CVE-2017-12836](https://security-tracker.debian.org/tracker/CVE-2017-12