DATABASE RESOURCES PRICING ABOUT US

{"id": "EULEROS_SA-2020-1117.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2020-1117)", "description": "According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-02-24T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/133918", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", "http://www.nessus.org/u?8a3422ca"], "cvelist": ["CVE-2019-19956"], "immutableFields": [], "lastseen": "2023-01-25T14:28:58", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4479"]}, {"type": "amazon", "idList": ["ALAS-2020-1438", "ALAS2-2020-1534"]}, {"type": "centos", "idList": ["CESA-2020:3996"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:853E5589D5EE11B72526D65C16FA38B8"]}, {"type": "cve", "idList": ["CVE-2019-19956"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2048-1:4A4BD", "DEBIAN:DLA-2048-1:4AFA1", "DEBIAN:DLA-2369-1:46D38", "DEBIAN:DLA-2369-1:E14AE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19956"]}, {"type": "fedora", "idList": ["FEDORA:04BF76309A15", "FEDORA:1F4D830C7DBF", "FEDORA:384B96390985"]}, {"type": "ibm", "idList": ["02B60CDC8F4BAD8C01ABE804AE47C51EC8A4809D9204EC61478B6A825FBF607B", "0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "0F5FDD6A95AE2FAC3D7E3C52034692C15DF4E5754EEFEF130DDA4280D97322F2", "568C1946F6948551373693B819E984491EDA4324124EB255F933921898311FAA", "58D56C8D2689944BB7E42143A4197A4D5AE86937E35B03E954812116FCACD6C3", "5EEF86E68F23C5E3E4A700D875FD52D137A180161C92B0E0F8541AB754241C6D", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "B2EB1B0A78976B31AE7FEB79078A0F8E1A1DC8FD8366FABA05AEA647813A50A2", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "DB8E4E659E64514548095D982131905FB3A6F5608C5916769B8820AA6A05133D"]}, {"type": "ics", "idList": ["ICSA-21-103-08"]}, {"type": "mageia", "idList": ["MGASA-2020-0020", "MGASA-2020-0271"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1534.NASL", "ALA_ALAS-2020-1438.NASL", "ALMA_LINUX_ALSA-2020-4479.NASL", "CENTOS8_RHSA-2020-4479.NASL", "CENTOS_RHSA-2020-3996.NASL", "DEBIAN_DLA-2048.NASL", "DEBIAN_DLA-2369.NASL", "EULEROS_SA-2020-1165.NASL", "EULEROS_SA-2020-1408.NASL", "EULEROS_SA-2020-1434.NASL", "EULEROS_SA-2020-1474.NASL", "EULEROS_SA-2020-1533.NASL", "EULEROS_SA-2020-1670.NASL", "FEDORA_2020-0C71C00AF4.NASL", "NEWSTART_CGSL_NS-SA-2021-0016_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2021-0061_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2021-0148_LIBXML2.NASL", "NUTANIX_NXSA-AHV-20201105_1021.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2020-681.NASL", "OPENSUSE-2020-781.NASL", "ORACLELINUX_ELSA-2020-4479.NASL", "PHOTONOS_PHSA-2020-1_0-0271_LIBXML2.NASL", "PHOTONOS_PHSA-2020-2_0-0203_LIBXML2.NASL", "PHOTONOS_PHSA-2020-3_0-0055_LIBXML2.NASL", "REDHAT-RHSA-2020-2644.NASL", "REDHAT-RHSA-2020-3996.NASL", "REDHAT-RHSA-2020-4479.NASL", "SL_20201001_LIBXML2_ON_SL7_X.NASL", "SUSE_SU-2020-1299-1.NASL", "SUSE_SU-2020-1532-1.NASL", "SUSE_SU-2020-1532-2.NASL", "SUSE_SU-2020-2609-1.NASL", "SUSE_SU-2021-14729-1.NASL", "UBUNTU_USN-4274-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844335", "OPENVAS:1361412562310853172", "OPENVAS:1361412562310853196", "OPENVAS:1361412562310877744", "OPENVAS:1361412562310877770", "OPENVAS:1361412562310892048", "OPENVAS:1361412562311220201117", "OPENVAS:1361412562311220201165", "OPENVAS:1361412562311220201408", "OPENVAS:1361412562311220201434", "OPENVAS:1361412562311220201474", "OPENVAS:1361412562311220201533", "OPENVAS:1361412562311220201670"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3996", "ELSA-2020-4479"]}, {"type": "osv", "idList": ["OSV:DLA-2048-1", "OSV:DLA-2369-1"]}, {"type": "photon", "idList": ["PHSA-2020-0055", "PHSA-2020-0203", "PHSA-2020-1.0-0271", "PHSA-2020-2.0-0203", "PHSA-2020-3.0-0055"]}, {"type": "redhat", "idList": ["RHSA-2020:2644", "RHSA-2020:2646", "RHSA-2020:3996", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4479", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0778", "RHSA-2021:0799", "RHSA-2021:0949", "RHSA-2021:1129", "RHSA-2021:2021"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19956"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0681-1", "OPENSUSE-SU-2020:0781-1"]}, {"type": "ubuntu", "idList": ["USN-4274-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19956"]}, {"type": "veracode", "idList": ["VERACODE:22327"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4479"]}, {"type": "amazon", "idList": ["ALAS-2020-1438"]}, {"type": "centos", "idList": ["CESA-2020:3996"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:853E5589D5EE11B72526D65C16FA38B8"]}, {"type": "cve", "idList": ["CVE-2019-19956"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2048-1:4A4BD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19956"]}, {"type": "fedora", "idList": ["FEDORA:04BF76309A15", "FEDORA:1F4D830C7DBF", "FEDORA:384B96390985"]}, {"type": "ibm", "idList": ["0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "568C1946F6948551373693B819E984491EDA4324124EB255F933921898311FAA"]}, {"type": "ics", "idList": ["ICSA-21-103-08"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1534.NASL", "ALA_ALAS-2020-1438.NASL", "DEBIAN_DLA-2048.NASL", "EULEROS_SA-2020-1165.NASL", "OPENSUSE-2020-681.NASL", "OPENSUSE-2020-781.NASL", "PHOTONOS_PHSA-2020-1_0-0271_LIBXML2.NASL", "PHOTONOS_PHSA-2020-2_0-0203_LIBXML2.NASL", "PHOTONOS_PHSA-2020-3_0-0055_LIBXML2.NASL", "SUSE_SU-2020-1299-1.NASL", "UBUNTU_USN-4274-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844335", "OPENVAS:1361412562310853172", "OPENVAS:1361412562310853196", "OPENVAS:1361412562310892048", "OPENVAS:1361412562311220201117", "OPENVAS:1361412562311220201165"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3996"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0271", "PHSA-2020-2.0-0203", "PHSA-2020-3.0-0055"]}, {"type": "redhat", "idList": ["RHSA-2020:3996"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19956"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0681-1", "OPENSUSE-SU-2020:0781-1"]}, {"type": "ubuntu", "idList": ["USN-4274-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19956"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-19956", "epss": "0.005480000", "percentile": "0.739490000", "modified": "2023-03-14"}], "vulnersScore": -0.2}, "_state": {"dependencies": 1674657173, "score": 1674658204, "epss": 1678891487}, "_internal": {"score_hash": "e822702da99642483366328b96e7af2f"}, "pluginID": "133918", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133918);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-19956\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2020-1117)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in\n libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1117\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a3422ca\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h22.eulerosv2r7\",\n \"libxml2-devel-2.9.1-6.3.h22.eulerosv2r7\",\n \"libxml2-python-2.9.1-6.3.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected libxml2 package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-02-21T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"debiancve": [{"lastseen": "2022-12-17T15:18:14", "description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-24T16:15:00", "type": "debiancve", "title": "CVE-2019-19956", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2019-12-24T16:15:00", "id": "DEBIANCVE:CVE-2019-19956", "href": "https://security-tracker.debian.org/tracker/CVE-2019-19956", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-03-08T20:21:15", "description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-08T09:59:17", "type": "redhatcve", "title": "CVE-2019-19956", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2023-03-08T18:04:26", "id": "RH:CVE-2019-19956", "href": "https://access.redhat.com/security/cve/cve-2019-19956", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-10-18T13:34:45", "description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has\na memory leak related to newDoc->oldNs.\n\n#### Bugs\n\n * <https://gitlab.gnome.org/GNOME/libxml2/issues/82>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ccdm94](<https://launchpad.net/~ccdm94>) | the fix for this issue, made available with commit 5a02583c, was reverted in version 2.9.11 with commit a0a8059b, since it seems like the fix introduced various memory issues in libxml2. More information regarding this choice made by upstream can be seen at: https://gitlab.gnome.org/GNOME/libxml2/-/issues/161\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-24T00:00:00", "type": "ubuntucve", "title": "CVE-2019-19956", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2019-12-24T00:00:00", "id": "UB:CVE-2019-19956", "href": "https://ubuntu.com/security/CVE-2019-19956", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-29T19:30:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-29T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for libxml2 (DLA-2048-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19956"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310892048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892048", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892048\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-19956\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-29 03:00:08 +0000 (Sun, 29 Dec 2019)\");\n script_name(\"Debian LTS: Security Advisory for libxml2 (DLA-2048-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2048-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the DLA-2048-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there was a potential denial of service\nvulnerability in libxml2, the GNOME XML parsing library.\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in libxml2 version\n2.9.1+dfsg1-5+deb8u8.\n\nWe recommend that you upgrade your libxml2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u8\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-10T17:29:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libxml2 (openSUSE-SU-2020:0781-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19956"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310853196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853196", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853196\");\n script_version(\"2020-06-09T07:30:09+0000\");\n script_cve_id(\"CVE-2019-19956\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 07:30:09 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-09 03:00:56 +0000 (Tue, 09 Jun 2020)\");\n script_name(\"openSUSE: Security Advisory for libxml2 (openSUSE-SU-2020:0781-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0781-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the openSUSE-SU-2020:0781-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libxml2 fixes the following issues:\n\n - CVE-2019-19956: Reverted the upstream fix for this memory leak because\n it introduced other, more severe vulnerabilities (bsc#1172021).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-781=1\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", rpm:\"libxml2-2-debuginfo~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-python-debugsource\", rpm:\"python-libxml2-python-debugsource~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libxml2-python\", rpm:\"python2-libxml2-python~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libxml2-python-debuginfo\", rpm:\"python2-libxml2-python-debuginfo~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libxml2-python\", rpm:\"python3-libxml2-python~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libxml2-python-debuginfo\", rpm:\"python3-libxml2-python-debuginfo~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit-debuginfo\", rpm:\"libxml2-2-32bit-debuginfo~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel-32bit\", rpm:\"libxml2-devel-32bit~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.9.7~lp151.5.12.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T16:48:32", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-24T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1117)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19956"], "modified": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201117", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1117\");\n script_version(\"2020-02-24T09:06:47+0000\");\n script_cve_id(\"CVE-2019-19956\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:06:47 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:06:47 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1117)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1117\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1117\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1117 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T20:47:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19956"], "modified": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201165", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201165", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1165\");\n script_version(\"2020-02-25T13:57:42+0000\");\n script_cve_id(\"CVE-2019-19956\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:42 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:42 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1165)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1165\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1165\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1165 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.8~4.h9.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.8~4.h9.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libxml2\", rpm:\"python2-libxml2~2.9.8~4.h9.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libxml2\", rpm:\"python3-libxml2~2.9.8~4.h9.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-14T14:51:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-02-11T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for libxml2 (USN-4274-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-02-14T00:00:00", "id": "OPENVAS:1361412562310844335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844335", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844335\");\n script_version(\"2020-02-14T06:25:11+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-14 06:25:11 +0000 (Fri, 14 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-11 04:00:16 +0000 (Tue, 11 Feb 2020)\");\n script_name(\"Ubuntu: Security Advisory for libxml2 (USN-4274-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4274-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-February/005324.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the USN-4274-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libxml2 incorrectly handled certain XML files.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2019-19956, CVE-2020-7595)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-7ubuntu3.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-7ubuntu3.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.4+dfsg1-6.1ubuntu1.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-6.1ubuntu1.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.3+dfsg1-1ubuntu0.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.3+dfsg1-1ubuntu0.7\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-06T01:10:45", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201533", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1533\");\n script_version(\"2020-04-30T12:12:01+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:12:01 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:12:01 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1533)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1533\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1533\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1533 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\n\nxmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h24\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-28T13:23:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libxml2 (openSUSE-SU-2020:0681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20388", "CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-05-27T00:00:00", "id": "OPENVAS:1361412562310853172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853172", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853172\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-23 03:00:57 +0000 (Sat, 23 May 2020)\");\n script_name(\"openSUSE: Security Advisory for libxml2 (openSUSE-SU-2020:0681-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0681-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the openSUSE-SU-2020:0681-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libxml2 fixes the following issues:\n\n - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\n - CVE-2019-19956: Fixed a memory leak (bsc#1159928).\n\n - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-681=1\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2\", rpm:\"libxml2-2~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-debuginfo\", rpm:\"libxml2-2-debuginfo~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debugsource\", rpm:\"libxml2-debugsource~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools\", rpm:\"libxml2-tools~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-tools-debuginfo\", rpm:\"libxml2-tools-debuginfo~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libxml2-python-debugsource\", rpm:\"python-libxml2-python-debugsource~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libxml2-python\", rpm:\"python2-libxml2-python~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libxml2-python-debuginfo\", rpm:\"python2-libxml2-python-debuginfo~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libxml2-python\", rpm:\"python3-libxml2-python~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libxml2-python-debuginfo\", rpm:\"python3-libxml2-python-debuginfo~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit\", rpm:\"libxml2-2-32bit~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-2-32bit-debuginfo\", rpm:\"libxml2-2-32bit-debuginfo~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel-32bit\", rpm:\"libxml2-devel-32bit~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-doc\", rpm:\"libxml2-doc~2.9.7~lp151.5.9.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-17T15:50:47", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20388", "CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201670", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1670\");\n script_version(\"2020-06-16T05:48:58+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:48:58 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:48:58 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1670)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1670\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1670\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1670 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.(CVE-2019-20388)\n\nxmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\n\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T16:54:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-02T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7694e8be73)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20388", "CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:1361412562310877770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877770", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877770\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-02 03:20:48 +0000 (Sat, 02 May 2020)\");\n script_name(\"Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7694e8be73)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-7694e8be73\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxml2'\n package(s) announced via the FEDORA-2020-7694e8be73 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows libxml2 XML processing library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-libxml2' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-libxml2\", rpm:\"mingw-libxml2~2.9.10~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-17T17:01:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1408)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20388", "CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201408", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1408\");\n script_version(\"2020-04-16T05:50:46+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:50:46 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:50:46 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1408)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1408\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1408\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1408 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.(CVE-2019-20388)\n\nxmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\n\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h19\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h19\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h19\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-06T00:57:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-30T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for libxml2 (FEDORA-2020-0c71c00af4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20388", "CVE-2020-7595", "CVE-2019-19956"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310877744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877744", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877744\");\n script_version(\"2020-04-30T08:51:29+0000\");\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 08:51:29 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 03:15:16 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Fedora: Security Advisory for libxml2 (FEDORA-2020-0c71c00af4)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-0c71c00af4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the FEDORA-2020-0c71c00af4 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This library allows to manipulate XML files. It includes support\nto read, modify and write XML and HTML files. There is DTDs support\nthis includes parsing and validation even with complex DtDs, either\nat parse time or later once the document has been modified. The output\ncan be a simple SAX stream or and in-memory DOM like representations.\nIn this case one can use the built-in XPath and XPointer implementation\nto select sub nodes or ranges. A flexible Input/Output mechanism is\navailable, with existing HTTP and FTP modules and combined to an\nURI library.\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.10~3.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-17T16:54:48", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20218", "CVE-2019-13734", "CVE-2019-19924", "CVE-2019-19956"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201434", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1434\");\n script_version(\"2020-04-16T05:52:52+0000\");\n script_cve_id(\"CVE-2019-13734\", \"CVE-2019-19924\", \"CVE-2019-20218\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:52:52 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:52:52 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1434)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1434\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1434\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sqlite' package(s) announced via the EulerOS-SA-2020-1434 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-13734)\n\n\n\nselectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218)\n\n\n\nSQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924)\n\n\n\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'sqlite' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite\", rpm:\"sqlite~3.7.17~8.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-devel\", rpm:\"sqlite-devel~3.7.17~8.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T16:59:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3627", "CVE-2017-5969", "CVE-2016-4483", "CVE-2019-19956", "CVE-2015-8806"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201474", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1474\");\n script_version(\"2020-04-16T05:57:38+0000\");\n script_cve_id(\"CVE-2015-8806\", \"CVE-2016-4483\", \"CVE-2017-5969\", \"CVE-2019-19956\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:57:38 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:57:38 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1474)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1474\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1474\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1474 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.(CVE-2016-4483)\n\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.(CVE-2019-19956)\n\ndict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '!DOCTYPE html' substring in a crafted HTML document.(CVE-2015-8806)\n\n** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h22.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2021-11-03T20:59:33", "description": "An update of {'libxml2'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-01T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0203", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-02-01T00:00:00", "id": "PHSA-2020-2.0-0203", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-03T14:50:03", "description": "An update of {'libxml2', 'xerces-c'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0271", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1311", "CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-05T00:00:00", "id": "PHSA-2020-1.0-0271", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-271", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:23:37", "description": "Updates of ['openssl', 'libxml2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0203", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1551", "CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-01-30T00:00:00", "id": "PHSA-2020-0203", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-04-02T06:21:36", "description": "Updates of ['xerces-c', 'libxml2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0271", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1311", "CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-05T00:00:00", "id": "PHSA-2020-0271", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-271", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:49:54", "description": "Updates of ['libarchive', 'sqlite', 'libxml2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0055", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19221", "CVE-2019-19244", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19926", "CVE-2019-19956", "CVE-2019-19959", "CVE-2020-7595"], "modified": "2020-02-06T00:00:00", "id": "PHSA-2020-0055", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-55", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-04-02T05:43:31", "description": "Updates of ['libxml2', 'libarchive', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0055", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19221", "CVE-2019-19244", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19926", "CVE-2019-19956", "CVE-2019-19959", "CVE-2020-7595"], "modified": "2020-02-05T00:00:00", "id": "PHSA-2020-3.0-0055", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-55", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-25T14:36:35", "description": "This update for libxml2 fixes the following issues :\n\nCVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1532-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-devel", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource", "p-cpe:/a:novell:suse_linux:python2-libxml2-python", "p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo", "p-cpe:/a:novell:suse_linux:python3-libxml2-python", "p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1532-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137582", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1532-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137582);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19956\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1532-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\nCVE-2019-19956: Reverted the upstream fix for this memory leak because\nit introduced other, more severe vulnerabilities (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19956/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201532-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e433d23\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1532=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1532=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-2-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-devel-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-tools-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-libxml2-python-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-2-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-devel-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-tools-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-libxml2-python-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:28:57", "description": "According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2020-1165)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:python2-libxml2", "p-cpe:/a:huawei:euleros:python3-libxml2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/133999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133999);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-19956\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2020-1165)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in\n libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1165\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8bfa571\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.8-4.h9.eulerosv2r8\",\n \"libxml2-devel-2.9.8-4.h9.eulerosv2r8\",\n \"python2-libxml2-2.9.8-4.h9.eulerosv2r8\",\n \"python3-libxml2-2.9.8-4.h9.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:46:12", "description": "It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library.\n\nFor Debian 8 'Jessie', this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-30T00:00:00", "type": "nessus", "title": "Debian DLA-2048-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2048.NASL", "href": "https://www.tenable.com/plugins/nessus/132420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2048-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132420);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-19956\");\n\n script_name(english:\"Debian DLA-2048-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a potential denial of service\nvulnerability in libxml2, the GNOME XML parsing library.\n\nFor Debian 8 'Jessie', this issue has been fixed in libxml2 version\n2.9.1+dfsg1-5+deb8u8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19956\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxml2\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dev\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-doc\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:36:36", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2020-781)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource", "p-cpe:/a:novell:opensuse:python2-libxml2-python", "p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo", "p-cpe:/a:novell:opensuse:python3-libxml2-python", "p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-781.NASL", "href": "https://www.tenable.com/plugins/nessus/137230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-781.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137230);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/10\");\n\n script_cve_id(\"CVE-2019-19956\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2020-781)\");\n script_summary(english:\"Check for the openSUSE-2020-781 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2019-19956: Reverted the upstream fix for this\n memory leak because it introduced other, more severe\n vulnerabilities (bsc#1172021).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172021\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-2-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-2-debuginfo-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-debugsource-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-devel-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-tools-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-tools-debuginfo-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-libxml2-python-debugsource-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-libxml2-python-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-libxml2-python-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-lp151.5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.7-lp151.5.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-debuginfo / libxml2-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:38:24", "description": "This update for libxml2 fixes the following issues :\n\nCVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1532-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-devel", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource", "p-cpe:/a:novell:suse_linux:python2-libxml2-python", "p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo", "p-cpe:/a:novell:suse_linux:python3-libxml2-python", "p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1532-2.NASL", "href": "https://www.tenable.com/plugins/nessus/138541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1532-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138541);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19956\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1532-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\nCVE-2019-19956: Reverted the upstream fix for this memory leak because\nit introduced other, more severe vulnerabilities (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19956/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201532-2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?907287ff\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1532=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1532=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-2-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-2-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-devel-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-tools-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libxml2-tools-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python-libxml2-python-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-2-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-2-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-devel-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-tools-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libxml2-tools-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python-libxml2-python-debugsource-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-libxml2-python-2.9.7-3.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:33:58", "description": "An update of the libxml2 package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Libxml2 PHSA-2020-2.0-0203", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-02-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxml2", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0203_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/133466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0203. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133466);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2019-19956\");\n\n script_name(english:\"Photon OS 2.0: Libxml2 PHSA-2020-2.0-0203\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-203.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19956\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"libxml2-2.9.10-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.10-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.10-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.10-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:28:57", "description": "An update of the libxml2 package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Libxml2 PHSA-2020-1.0-0271", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-06T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxml2", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0271_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/133501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0271. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133501);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/06\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2020-7595\");\n\n script_name(english:\"Photon OS 1.0: Libxml2 PHSA-2020-1.0-0271\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-271.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"libxml2-2.9.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.10-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.10-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-24T14:15:20", "description": "An update of the libxml2 package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-06T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Libxml2 PHSA-2020-3.0-0055", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-06T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libxml2", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0055_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/133505", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0055. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133505);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/06\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2020-7595\");\n\n script_name(english:\"Photon OS 3.0: Libxml2 PHSA-2020-3.0-0055\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libxml2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-55.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"libxml2-2.9.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.10-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.10-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:29:13", "description": "It was discovered that libxml2 incorrectly handled certain XML files.\nAn attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : libxml2 vulnerabilities (USN-4274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxml2", "p-cpe:/a:canonical:ubuntu_linux:libxml2-utils", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133646", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4274-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133646);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2020-7595\");\n script_xref(name:\"USN\", value:\"4274-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : libxml2 vulnerabilities (USN-4274-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that libxml2 incorrectly handled certain XML files.\nAn attacker could possibly use this issue to cause a denial of\nservice. (CVE-2019-19956, CVE-2020-7595).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4274-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxml2 and / or libxml2-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2-utils\", pkgver:\"2.9.3+dfsg1-1ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-6.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libxml2-utils\", pkgver:\"2.9.4+dfsg1-6.1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-7ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libxml2-utils\", pkgver:\"2.9.4+dfsg1-7ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-utils\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:52:51", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by multiple vulnerabilities:\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0148)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-10-28T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:libxml2", "p-cpe:/a:zte:cgsl_core:libxml2-devel", "p-cpe:/a:zte:cgsl_core:libxml2-python", "p-cpe:/a:zte:cgsl_core:libxml2-static", "p-cpe:/a:zte:cgsl_main:libxml2", "p-cpe:/a:zte:cgsl_main:libxml2-devel", "p-cpe:/a:zte:cgsl_main:libxml2-python", "p-cpe:/a:zte:cgsl_main:libxml2-static", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0148_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/154604", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0148. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154604);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/28\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0148)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0148\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-7595\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'libxml2-2.9.1-6.el7.5',\n 'libxml2-devel-2.9.1-6.el7.5',\n 'libxml2-python-2.9.1-6.el7.5',\n 'libxml2-static-2.9.1-6.el7.5'\n ],\n 'CGSL MAIN 5.05': [\n 'libxml2-2.9.1-6.el7.5',\n 'libxml2-devel-2.9.1-6.el7.5',\n 'libxml2-python-2.9.1-6.el7.5',\n 'libxml2-static-2.9.1-6.el7.5'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-30T14:53:58", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3996 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : libxml2 (RHSA-2020:3996)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-python:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-static:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-3996.NASL", "href": "https://www.tenable.com/plugins/nessus/141039", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3996. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141039);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"RHSA\", value:\"2020:3996\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"RHEL 7 : libxml2 (RHSA-2020:3996)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3996 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799786\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(401, 772, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libxml2-2.9.1-6.el7.5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.5', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / libxml2-static');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:51:23", "description": "Security Fix(es) :\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20201001)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-10-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_LIBXML2_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141661);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - libxml2: memory leak in\n xmlParseBalancedChunkMemoryRecover in parser.c\n (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c\n (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in\n some end-of-file situations (CVE-2020-7595)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=15887\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d46a818\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-6.el7.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:52:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4479 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "RHEL 8 : libxml2 (RHSA-2020:4479)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:libxml2-devel:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-libxml2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-4479.NASL", "href": "https://www.tenable.com/plugins/nessus/143090", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4479. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143090);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"RHSA\", value:\"2020:4479\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"RHEL 8 : libxml2 (RHSA-2020:4479)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4479 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799786\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2, libxml2-devel and / or python3-libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(401, 772, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libxml2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libxml2-2.9.7-8.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.7-8.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libxml2-2.9.7-8.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.7-8.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libxml2-2.9.7-8.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.7-8.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / python3-libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:53:42", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4479 advisory.\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : libxml2 (ELSA-2020-4479)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libxml2", "p-cpe:/a:oracle:linux:libxml2-devel", "p-cpe:/a:oracle:linux:python3-libxml2"], "id": "ORACLELINUX_ELSA-2020-4479.NASL", "href": "https://www.tenable.com/plugins/nessus/142751", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4479.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142751);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"Oracle Linux 8 : libxml2 (ELSA-2020-4479)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4479 advisory.\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4479.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2, libxml2-devel and / or python3-libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-libxml2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'libxml2-2.9.7-8.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libxml2-2.9.7-8.0.1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'libxml2-2.9.7-8.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'libxml2-devel-2.9.7-8.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'libxml2-devel-2.9.7-8.0.1.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'libxml2-devel-2.9.7-8.0.1.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-libxml2-2.9.7-8.0.1.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-libxml2-2.9.7-8.0.1.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / python3-libxml2');\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:51:02", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1438 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libxml2 (ALAS-2020-1438)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-10-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python26", "p-cpe:/a:amazon:linux:libxml2-python27", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/141950", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1438.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141950);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/27\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"ALAS\", value:\"2020-1438\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2020-1438)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1438 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1438.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update libxml2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'libxml2-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libxml2-debuginfo-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-debuginfo-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libxml2-devel-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-devel-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libxml2-python26-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-python26-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libxml2-python27-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-python27-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libxml2-static-2.9.1-6.4.41.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libxml2-static-2.9.1-6.4.41.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:31:27", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4479 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : libxml2 (CESA-2020:4479)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:python3-libxml2"], "id": "CENTOS8_RHSA-2020-4479.NASL", "href": "https://www.tenable.com/plugins/nessus/145881", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4479. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145881);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"RHSA\", value:\"2020:4479\");\n\n script_name(english:\"CentOS 8 : libxml2 (CESA-2020:4479)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4479 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4479\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2, libxml2-devel and / or python3-libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-libxml2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'libxml2-2.9.7-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-2.9.7-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.7-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.7-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / python3-libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:39:03", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected by multiple vulnerabilities:\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0016)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-03-11T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0016_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/147386", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0016. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147386);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'libxml2-2.9.1-6.el7.5',\n 'libxml2-debuginfo-2.9.1-6.el7.5',\n 'libxml2-devel-2.9.1-6.el7.5',\n 'libxml2-python-2.9.1-6.el7.5',\n 'libxml2-static-2.9.1-6.el7.5'\n ],\n 'CGSL MAIN 5.04': [\n 'libxml2-2.9.1-6.el7.5',\n 'libxml2-debuginfo-2.9.1-6.el7.5',\n 'libxml2-devel-2.9.1-6.el7.5',\n 'libxml2-python-2.9.1-6.el7.5',\n 'libxml2-static-2.9.1-6.el7.5'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:38:28", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has libxml2 packages installed that are affected by multiple vulnerabilities:\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0061)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0061_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/147266", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0061. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147266);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : libxml2 Multiple Vulnerabilities (NS-SA-2021-0061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has libxml2 packages installed that are affected by multiple\nvulnerabilities:\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'libxml2-2.9.7-8.el8',\n 'libxml2-debuginfo-2.9.7-8.el8',\n 'libxml2-debugsource-2.9.7-8.el8',\n 'libxml2-devel-2.9.7-8.el8',\n 'libxml2-static-2.9.7-8.el8',\n 'python3-libxml2-2.9.7-8.el8',\n 'python3-libxml2-debuginfo-2.9.7-8.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:38:10", "description": "This update for libxml2 fixes the following issues :\n\nCVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\nCVE-2019-19956: Fixed a memory leak (bsc#1159928).\n\nCVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1299-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-devel", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource", "p-cpe:/a:novell:suse_linux:python2-libxml2-python", "p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo", "p-cpe:/a:novell:suse_linux:python3-libxml2-python", "p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1299-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1299-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136792);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2020:1299-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\nCVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\nCVE-2019-19956: Fixed a memory leak (bsc#1159928).\n\nCVE-2020-7595: Fixed an infinite loop in an EOF situation\n(bsc#1161517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20388/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7595/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201299-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2e143ce\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1299=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1299=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1299=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-2-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-debugsource-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-devel-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-tools-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-libxml2-python-debugsource-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-libxml2-python-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-libxml2-python-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-2-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-2-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-debugsource-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-devel-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-tools-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libxml2-tools-debuginfo-2.9.7-3.19.8\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-libxml2-python-debugsource-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-libxml2-python-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-libxml2-python-2.9.7-3.19.10\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-3.19.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:38:53", "description": "This update for libxml2 fixes the following issues :\n\n - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\n - CVE-2019-19956: Fixed a memory leak (bsc#1159928).\n\n - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2020-681)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource", "p-cpe:/a:novell:opensuse:python2-libxml2-python", "p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo", "p-cpe:/a:novell:opensuse:python3-libxml2-python", "p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-681.NASL", "href": "https://www.tenable.com/plugins/nessus/136879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-681.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136879);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2020-681)\");\n script_summary(english:\"Check for the openSUSE-2020-681 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\n - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun\n (bsc#1161521).\n\n - CVE-2019-19956: Fixed a memory leak (bsc#1159928).\n\n - CVE-2020-7595: Fixed an infinite loop in an EOF\n situation (bsc#1161517).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1161521\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-2-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-2-debuginfo-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-debugsource-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-devel-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-tools-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libxml2-tools-debuginfo-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-libxml2-python-debugsource-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-libxml2-python-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python2-libxml2-python-debuginfo-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-libxml2-python-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-libxml2-python-debuginfo-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-debuginfo-2.9.7-lp151.5.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.7-lp151.5.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-debuginfo / libxml2-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:35:21", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.(CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2020-1670)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1670.NASL", "href": "https://www.tenable.com/plugins/nessus/137512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137512);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-7595\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2020-1670)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10\n allows an xmlSchemaValidateStream memory\n leak.(CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2\n 2.9.10 has an infinite loop in a certain end-of-file\n situation.(CVE-2020-7595)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in\n libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1670\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7df5443e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h20\",\n \"libxml2-devel-2.9.1-6.3.h20\",\n \"libxml2-python-2.9.1-6.3.h20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:31:47", "description": "Update to 2.9.10 and fix CVE-2019-19956, CVE-2019-20388 and CVE-2020-7595\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-30T00:00:00", "type": "nessus", "title": "Fedora 30 : libxml2 (2020-0c71c00af4)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-05-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-0C71C00AF4.NASL", "href": "https://www.tenable.com/plugins/nessus/136149", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-0c71c00af4.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136149);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"FEDORA\", value:\"2020-0c71c00af4\");\n\n script_name(english:\"Fedora 30 : libxml2 (2020-0c71c00af4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.10 and fix CVE-2019-19956, CVE-2019-20388 and\nCVE-2020-7595\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c71c00af4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"libxml2-2.9.10-3.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:32:49", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.Security Fix(es):xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.(CVE-2019-20388)xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)xmlParseBalancedChunkMemoryRec over in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2020-1408)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1408.NASL", "href": "https://www.tenable.com/plugins/nessus/135537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135537);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-7595\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2020-1408)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - This library allows to manipulate XML files. It\n includes support to read, modify and write XML and HTML\n files. There is DTDs support this includes parsing and\n validation even with complex DtDs, either at parse time\n or later once the document has been modified. The\n output can be a simple SAX stream or and in-memory DOM\n like representations. In this case one can use the\n built-in XPath and XPointer implementation to select\n sub nodes or ranges. A flexible Input/Output mechanism\n is available, with existing HTTP and FTP modules and\n combined to an URI library.Security\n Fix(es):xmlSchemaPreRun in xmlschemas.c in libxml2\n 2.9.10 allows an xmlSchemaValidateStream memory\n leak.(CVE-2019-20388)xmlStringLenDecodeEntities in\n parser.c in libxml2 2.9.10 has an infinite loop in a\n certain end-of-file\n situation.(CVE-2020-7595)xmlParseBalancedChunkMemoryRec\n over in parser.c in libxml2 before 2.9.10 has a memory\n leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1408\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3eba3538\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h19\",\n \"libxml2-devel-2.9.1-6.3.h19\",\n \"libxml2-python-2.9.1-6.3.h19\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:33:07", "description": "According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. Security Fix(es):xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)xmlStringLenDecodeEntitie s in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability.(CVE-2019-20388)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1533)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1533.NASL", "href": "https://www.tenable.com/plugins/nessus/136236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136236);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-7595\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1533)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - This library allows to manipulate XML files. It\n includes support to read, modify and write XML and HTML\n files. There is DTDs support this includes parsing and\n validation even with complex DtDs, either at parse time\n or later once the document has been modified. The\n output can be a simple SAX stream or and in-memory DOM\n like representations. In this case one can use the\n built-in XPath and XPointer implementation to select\n sub nodes or ranges. A flexible Input/Output mechanism\n is available, with existing HTTP and FTP modules and\n combined to an URI library. Security\n Fix(es):xmlParseBalancedChunkMemoryRecover in parser.c\n in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)xmlStringLenDecodeEntitie\n s in parser.c in libxml2 2.9.10 has an infinite loop in\n a certain end-of-file situation.(CVE-2020-7595)A memory\n leak was found in the xmlSchemaValidateStream function\n of libxml2. Applications that use this library may be\n vulnerable to memory not being freed leading to a\n denial of service. System availability is the highest\n threat from this vulnerability.(CVE-2019-20388)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1533\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?924d5dc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h24\",\n \"libxml2-devel-2.9.1-6.3.h24\",\n \"libxml2-python-2.9.1-6.3.h24\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T18:26:50", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4479 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : libxml2 (ALSA-2020:4479)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libxml2", "p-cpe:/a:alma:linux:python3-libxml2", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-4479.NASL", "href": "https://www.tenable.com/plugins/nessus/157657", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:4479.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157657);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"ALSA\", value:\"2020:4479\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"AlmaLinux 8 : libxml2 (ALSA-2020:4479)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2020:4479 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-4479.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 and / or python3-libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'libxml2-2.9.7-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-2.9.7-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libxml2-2.9.7-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / python3-libxml2');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:45", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1534 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : libxml2 (ALAS-2020-1534)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1534.NASL", "href": "https://www.tenable.com/plugins/nessus/141978", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1534.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141978);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"ALAS\", value:\"2020-1534\");\n\n script_name(english:\"Amazon Linux 2 : libxml2 (ALAS-2020-1534)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1534 advisory.\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1534.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update libxml2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'libxml2-2.9.1-6.amzn2.5.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libxml2-2.9.1-6.amzn2.5.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libxml2-2.9.1-6.amzn2.5.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libxml2-debuginfo-2.9.1-6.amzn2.5.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libxml2-debuginfo-2.9.1-6.amzn2.5.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libxml2-debuginfo-2.9.1-6.amzn2.5.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libxml2-devel-2.9.1-6.amzn2.5.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libxml2-devel-2.9.1-6.amzn2.5.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libxml2-devel-2.9.1-6.amzn2.5.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libxml2-python-2.9.1-6.amzn2.5.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libxml2-python-2.9.1-6.amzn2.5.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libxml2-python-2.9.1-6.amzn2.5.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libxml2-static-2.9.1-6.amzn2.5.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libxml2-static-2.9.1-6.amzn2.5.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libxml2-static-2.9.1-6.amzn2.5.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:50:43", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3996 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "CentOS 7 : libxml2 (CESA-2020:3996)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:libxml2-python", "p-cpe:/a:centos:centos:libxml2-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-3996.NASL", "href": "https://www.tenable.com/plugins/nessus/141590", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3996 and\n# CentOS Errata and Security Advisory 2020:3996 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141590);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-7595\");\n script_xref(name:\"RHSA\", value:\"2020:3996\");\n\n script_name(english:\"CentOS 7 : libxml2 (CESA-2020:3996)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3996 advisory.\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012767.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e45e7ae\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/401.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7595\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(401, 772, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'libxml2-2.9.1-6.el7.5', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libxml2-2.9.1-6.el7.5', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libxml2-devel-2.9.1-6.el7.5', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libxml2-devel-2.9.1-6.el7.5', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libxml2-python-2.9.1-6.el7.5', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libxml2-static-2.9.1-6.el7.5', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libxml2-static-2.9.1-6.el7.5', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:54:11", "description": "This update for libxml2 fixes the following issues :\n\nCVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\nCVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\nCVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).\n\nFixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libxml2 (SUSE-SU-2020:2609-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2609-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143683", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2609-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143683);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-24977\", \"CVE-2020-7595\");\n\n script_name(english:\"SUSE SLES12 Security Update : libxml2 (SUSE-SU-2020:2609-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes the following issues :\n\nCVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n\nCVE-2020-7595: Fixed an infinite loop in an EOF situation\n(bsc#1161517).\n\nCVE-2020-24977: Fixed a global-buffer-overflow in\nxmlEncodeEntitiesInternal (bsc#1176179).\n\nFixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20388/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-24977/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-7595/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202609-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26efccc4\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2609=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2609=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24977\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-2-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-2-32bit-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-2-debuginfo-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-debugsource-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-tools-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libxml2-tools-debuginfo-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-libxml2-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-libxml2-debuginfo-2.9.4-46.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python-libxml2-debugsource-2.9.4-46.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-06T14:39:45", "description": "According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-13734)\n\n - selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.(CVE-2019-20218)\n\n - SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2020-1434)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13734", "CVE-2019-19924", "CVE-2019-19956", "CVE-2019-20218"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1434.NASL", "href": "https://www.tenable.com/plugins/nessus/135563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135563);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-13734\",\n \"CVE-2019-19924\",\n \"CVE-2019-20218\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : sqlite (EulerOS-SA-2020-1434)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Out of bounds write in SQLite in Google Chrome prior to\n 79.0.3945.79 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML\n page.(CVE-2019-13734)\n\n - selectExpander in select.c in SQLite 3.30.1 proceeds\n with WITH stack unwinding even after a parsing\n error.(CVE-2019-20218)\n\n - SQLite 3.30.1 mishandles certain parser-tree rewriting,\n related to expr.c, vdbeaux.c, and window.c. This is\n caused by incorrect sqlite3WindowRewrite() error\n handling.(CVE-2019-19924)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in\n libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1434\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93c46721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.7.17-8.h8\",\n \"sqlite-devel-3.7.17-8.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-08T14:42:55", "description": "According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.(CVE-2016-4483)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\n\n - dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the '<!DOCTYPE html' substring in a crafted HTML document.(CVE-2015-8806)\n\n - ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states 'I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.'(CVE-2017-5969)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8806", "CVE-2016-3627", "CVE-2016-4483", "CVE-2017-5969", "CVE-2019-19956"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1474.NASL", "href": "https://www.tenable.com/plugins/nessus/135636", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135636);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8806\",\n \"CVE-2016-4483\",\n \"CVE-2017-5969\",\n \"CVE-2019-19956\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The xmlBufAttrSerializeTxtContent function in xmlsave.c\n in libxml2 allows context-dependent attackers to cause\n a denial of service (out-of-bounds read and application\n crash) via a non-UTF-8 attribute value, related to\n serialization. NOTE: this vulnerability may be a\n duplicate of CVE-2016-3627.(CVE-2016-4483)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in\n libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs.(CVE-2019-19956)\n\n - dict.c in libxml2 allows remote attackers to cause a\n denial of service (heap-based buffer over-read and\n application crash) via an unexpected character\n immediately after the '<!DOCTYPE html' substring in a\n crafted HTML document.(CVE-2015-8806)\n\n - ** DISPUTED ** libxml2 2.9.4, when used in recover\n mode, allows remote attackers to cause a denial of\n service (NULL pointer dereference) via a crafted XML\n document. NOTE: The maintainer states 'I would disagree\n of a CVE with the Recover parsing option which should\n only be used for manual recovery at least for XML\n parser.'(CVE-2017-5969)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1474\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6838193\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h22.eulerosv2r7\",\n \"libxml2-devel-2.9.1-6.3.h22.eulerosv2r7\",\n \"libxml2-python-2.9.1-6.3.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:04", "description": "Several security vulnerabilities were corrected in libxml2, the GNOME XML library.\n\nCVE-2017-8872\n\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\nThe xz_head function in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n\nCVE-2018-14404\n\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\nApplications processing untrusted XSL format inputs may be vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\nIf the option --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak related to newDoc->oldNs.\n\nCVE-2019-20388\n\nA memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of service.\n\nCVE-2020-24977\n\nOut-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-09-10T00:00:00", "type": "nessus", "title": "Debian DLA-2369-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "p-cpe:/a:debian:debian_linux:python3-libxml2", "p-cpe:/a:debian:debian_linux:python3-libxml2-dbg", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2369.NASL", "href": "https://www.tenable.com/plugins/nessus/140469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2369-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140469);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2017-18258\", \"CVE-2017-8872\", \"CVE-2018-14404\", \"CVE-2018-14567\", \"CVE-2019-19956\", \"CVE-2019-20388\", \"CVE-2020-24977\", \"CVE-2020-7595\");\n\n script_name(english:\"Debian DLA-2369-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\nThe xz_head function in libxml2 allows remote attackers to cause a\ndenial of service (memory consumption) via a crafted LZMA file,\nbecause the decoder functionality does not restrict memory usage to\nwhat is required for a legitimate file.\n\nCVE-2018-14404\n\nA NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\ninvalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\nApplications processing untrusted XSL format inputs may be vulnerable\nto a denial of service attack.\n\nCVE-2018-14567\n\nIf the option --with-lzma is used, allows remote attackers to cause a\ndenial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak\nrelated to newDoc->oldNs.\n\nCVE-2019-20388\n\nA memory leak was found in the xmlSchemaValidateStream function of\nlibxml2. Applications that use this library may be vulnerable to\nmemory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of\nservice.\n\nCVE-2020-24977\n\nOut-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24977\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-dev\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-doc\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3-libxml2-dbg\", reference:\"2.9.4+dfsg1-2.2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-26T14:39:14", "description": "The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory.\n\n - expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20843", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-15903", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-11080", "CVE-2020-1934", "CVE-2020-7595"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-httpd:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_security:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_session:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-nghttp2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-curl:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-libcurl:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_md:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-mod_http2:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-2644.NASL", "href": "https://www.tenable.com/plugins/nessus/137705", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2644. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20843\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-15903\",\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-1934\",\n \"CVE-2020-7595\",\n \"CVE-2020-11080\"\n );\n script_bugtraq_id(107665, 107669);\n script_xref(name:\"RHSA\", value:\"2020:2644\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n script_xref(name:\"IAVA\", value:\"2019-A-0098-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2644 advisory.\n\n - expat: large number of colons in input makes parser consume high amount of resources, leading to DoS\n (CVE-2018-20843)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1723723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1752592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1844929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 400, 401, 416, 444, 456, 770, 772, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-57.jbcs.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-57.jbcs.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-pkcs11-0.4.10-7.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-curl / jbcs-httpd24-httpd / jbcs-httpd24-httpd-devel / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:50:48", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14729-1 advisory.\n\n - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. (CVE-2014-0191)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-3516)\n\n - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. (CVE-2021-3517)\n\n - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)\n\n - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. (CVE-2021-3537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2021:14729-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0191", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-32bit", "p-cpe:/a:novell:suse_linux:libxml2-doc", "p-cpe:/a:novell:suse_linux:libxml2-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14729-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150579", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14729-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150579);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2014-0191\",\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-7595\",\n \"CVE-2020-24977\",\n \"CVE-2021-3516\",\n \"CVE-2021-3517\",\n \"CVE-2021-3518\",\n \"CVE-2021-3537\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14729-1\");\n script_xref(name:\"IAVA\", value:\"2015-A-0247-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2021:14729-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14729-1 advisory.\n\n - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in\n Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products,\n loads external parameter entities regardless of whether entity substitution or validation is enabled,\n which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML\n document. (CVE-2014-0191)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at\n libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted\n file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to\n confidentiality, integrity, and availability. (CVE-2021-3516)\n\n - There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker\n who is able to supply a crafted file to be processed by an application linked with the affected\n functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to\n application availability, with some potential impact to confidentiality and integrity if an attacker is\n able to use memory information to further exploit the application. (CVE-2021-3517)\n\n - There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to\n be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact\n from this flaw is to confidentiality, integrity, and availability. (CVE-2021-3518)\n\n - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while\n parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery\n mode and post-validated, the flaw could be used to crash the application. The highest threat from this\n vulnerability is to system availability. (CVE-2021-3537)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185409\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185698\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-May/008797.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?054f377b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-0191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-24977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3537\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2, libxml2-32bit, libxml2-doc and / or libxml2-python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3518\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'libxml2-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libxml2-32bit-2.7.6-0.77.36', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libxml2-32bit-2.7.6-0.77.36', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libxml2-doc-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libxml2-python-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libxml2-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libxml2-32bit-2.7.6-0.77.36', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libxml2-32bit-2.7.6-0.77.36', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libxml2-doc-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libxml2-python-2.7.6-0.77.36', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-32bit / libxml2-doc / libxml2-python');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-02T06:46:20", "description": "The version of AHV installed on the remote host is prior to 20201105.1021. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.1021 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). (CVE-2019-20485)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD.\n Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. (CVE-2020-10703)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. (CVE-2020-12825)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25637)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2018-20843", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12450", "CVE-2019-12749", "CVE-2019-14822", "CVE-2019-14866", "CVE-2019-15903", "CVE-2019-16935", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17498", "CVE-2019-19126", "CVE-2019-19956", "CVE-2019-20386", "CVE-2019-20388", "CVE-2019-20485", "CVE-2019-20907", "CVE-2019-2974", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-5482", "CVE-2020-10703", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12825", "CVE-2020-14422", "CVE-2020-15999", "CVE-2020-25637", "CVE-2020-2574", "CVE-2020-2752", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:ahv"], "id": "NUTANIX_NXSA-AHV-20201105_1021.NASL", "href": "https://www.tenable.com/plugins/nessus/164552", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164552);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-12652\",\n \"CVE-2018-20843\",\n \"CVE-2019-2974\",\n \"CVE-2019-5094\",\n \"CVE-2019-5188\",\n \"CVE-2019-5482\",\n \"CVE-2019-11719\",\n \"CVE-2019-11727\",\n \"CVE-2019-11756\",\n \"CVE-2019-12450\",\n \"CVE-2019-12749\",\n \"CVE-2019-14822\",\n \"CVE-2019-14866\",\n \"CVE-2019-15903\",\n \"CVE-2019-16935\",\n \"CVE-2019-17006\",\n \"CVE-2019-17023\",\n \"CVE-2019-17498\",\n \"CVE-2019-19126\",\n \"CVE-2019-19956\",\n \"CVE-2019-20386\",\n \"CVE-2019-20388\",\n \"CVE-2019-20485\",\n \"CVE-2019-20907\",\n \"CVE-2020-2574\",\n \"CVE-2020-2752\",\n \"CVE-2020-2780\",\n \"CVE-2020-2812\",\n \"CVE-2020-6829\",\n \"CVE-2020-7595\",\n \"CVE-2020-8177\",\n \"CVE-2020-8492\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\",\n \"CVE-2020-10703\",\n \"CVE-2020-12243\",\n \"CVE-2020-12400\",\n \"CVE-2020-12401\",\n \"CVE-2020-12402\",\n \"CVE-2020-12403\",\n \"CVE-2020-12825\",\n \"CVE-2020-14422\",\n \"CVE-2020-15999\",\n \"CVE-2020-25637\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AHV host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AHV installed on the remote host is prior to 20201105.1021. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AHV-20201105.1021 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons\n could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be\n usable for denial-of-service attacks). (CVE-2018-20843)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger\n an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information\n disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign\n CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in\n CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This\n vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited\n to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical\n Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of\n symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only\n affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own\n home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to\n read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a\n cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent\n client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and\n send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A\n local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical\n interface, change the input method engine, or modify other input related configurations of the victim\n user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may\n contain files with permissions the attacker did not have or in paths he did not have access to. Extracting\n those archives from a high-privilege user without carefully reviewing them may lead to the compromise of\n the system. (CVE-2019-14866)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to\n document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary\n JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length\n checks. In cases where the application calling the library did not perform a sanity check on the inputs it\n could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting\n in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming\n Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow\n in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent\n memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of\n service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the\n LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition,\n allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass\n ASLR for a setuid program. (CVE-2019-19126)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the\n udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a\n guest agent, which allows attackers to cause a denial of service (API blockage). (CVE-2019-20485)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an\n infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A\n specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0,\n and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this\n flaw affects storage pools created without a target path such as network-based pools like gluster and RBD.\n Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon,\n resulting in a potential denial of service. (CVE-2020-10703)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant\n time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80\n and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar\n multiplication was removed, resulting in variable-time execution dependent on secret data. This\n vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean\n Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform\n electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,\n but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using\n multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling\n multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest\n threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to\n stack consumption. (CVE-2020-12825)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and\n IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application\n is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this\n attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible\n for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit\n access control driver. Specifically, clients connecting to the read-write socket with limited ACL\n permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or\n potentially escalate their privileges on the system. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25637)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which\n leaked partial information about the nonce used during signature generation. Given an electro-magnetic\n trace of a few signature generations, the private key could have been computed. This vulnerability affects\n Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources\n that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1\n allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client\n because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AHV-20201105.1021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085dcec0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AHV software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17006\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5482\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:ahv\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/Node/Version\", \"Host/Nutanix/Data/Node/Type\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info(node:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '20201105.1021', 'product' : 'AHV', 'fixed_display' : 'Upgrade the AHV install to 20201105.1021 or higher.' }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-04-02T06:46:09", "description": "The version of AOS installed on the remote host is prior to 5.19.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.0.5 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.0.5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2017-15715", "CVE-2017-18190", "CVE-2017-18551", "CVE-2018-10896", "CVE-2018-1283", "CVE-2018-1303", "CVE-2018-20836", "CVE-2018-20843", "CVE-2019-10098", "CVE-2019-1010305", "CVE-2019-11068", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12450", "CVE-2019-12614", "CVE-2019-12749", "CVE-2019-14822", "CVE-2019-14866", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-16994", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-17498", "CVE-2019-18197", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19126", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20386", "CVE-2019-20388", "CVE-2019-20636", "CVE-2019-20811", "CVE-2019-20907", "CVE-2019-2974", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-5482", "CVE-2019-8675", "CVE-2019-8696", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13943", "CVE-2020-14305", "CVE-2020-14331", "CVE-2020-14422", "CVE-2020-15999", "CVE-2020-1749", "CVE-2020-17527", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-2574", "CVE-2020-2732", "CVE-2020-2752", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8631", "CVE-2020-8632", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164556", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164556);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-12652\",\n \"CVE-2017-15715\",\n \"CVE-2017-18190\",\n \"CVE-2017-18551\",\n \"CVE-2018-1283\",\n \"CVE-2018-1303\",\n \"CVE-2018-10896\",\n \"CVE-2018-20836\",\n \"CVE-2018-20843\",\n \"CVE-2019-2974\",\n \"CVE-2019-5094\",\n \"CVE-2019-5188\",\n \"CVE-2019-5482\",\n \"CVE-2019-8675\",\n \"CVE-2019-8696\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-10098\",\n \"CVE-2019-11068\",\n \"CVE-2019-11719\",\n \"CVE-2019-11727\",\n \"CVE-2019-11756\",\n \"CVE-2019-12450\",\n \"CVE-2019-12614\",\n \"CVE-2019-12749\",\n \"CVE-2019-14822\",\n \"CVE-2019-14866\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15903\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16935\",\n \"CVE-2019-16994\",\n \"CVE-2019-17006\",\n \"CVE-2019-17023\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-17498\",\n \"CVE-2019-18197\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19126\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-19956\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20386\",\n \"CVE-2019-20388\",\n \"CVE-2019-20636\",\n \"CVE-2019-20811\",\n \"CVE-2019-20907\",\n \"CVE-2019-1010305\",\n \"CVE-2020-1749\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\",\n \"CVE-2020-2574\",\n \"CVE-2020-2732\",\n \"CVE-2020-2752\",\n \"CVE-2020-2780\",\n \"CVE-2020-2812\",\n \"CVE-2020-6829\",\n \"CVE-2020-7595\",\n \"CVE-2020-8177\",\n \"CVE-2020-8492\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\",\n \"CVE-2020-8631\",\n \"CVE-2020-8632\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12243\",\n \"CVE-2020-12400\",\n \"CVE-2020-12401\",\n \"CVE-2020-12402\",\n \"CVE-2020-12403\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-13943\",\n \"CVE-2020-14305\",\n \"CVE-2020-14331\",\n \"CVE-2020-14422\",\n \"CVE-2020-15999\",\n \"CVE-2020-17527\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.0.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.19.0.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.19.0.5 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline\n character in a malicious filename, rather than matching only the end of the filename. This could be\n exploited in environments where uploads of some files are are externally blocked, but only by matching the\n trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows\n remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in\n conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither\n the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI\n applications (SessionEnv on, not the default), a remote user may influence their content by using a\n Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data\n to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per\n CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30\n due to an out of bound read while preparing data to be cached in shared memory. It could be used as a\n Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk\n since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons\n could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be\n usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the\n request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component\n is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the\n victim must open a specially crafted chm file. The fixed version is: after commit\n 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and\n xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a\n crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger\n an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information\n disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign\n CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in\n CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This\n vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited\n to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical\n Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of\n symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only\n affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own\n home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to\n read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a\n cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent\n client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and\n send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A\n local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical\n interface, change the input method engine, or modify other input related configurations of the victim\n user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may\n contain files with permissions the attacker did not have or in paths he did not have access to. Extracting\n those archives from a high-privilege user without carefully reviewing them may lead to the compromise of\n the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to\n document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary\n JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when\n register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka\n CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length\n checks. In cases where the application calling the library did not perform a sanity check on the inputs it\n could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting\n in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming\n Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow\n in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent\n memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of\n service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds\n check could fail and memory outside a buffer could be written to, or uninitialized data could be\n disclosed. (CVE-2019-18197)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of\n this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or\n dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the\n LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition,\n allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass\n ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code\n refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The\n timeri variable was originally intended to be for a newly created timer instance, but was used for a\n different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has\n some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will\n cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the\n udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an\n infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A\n specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave\n 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a\n privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS\n client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause\n a kernel panic. The highest threat from this vulnerability is to data confidentiality and system\n availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant\n time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80\n and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar\n multiplication was removed, resulting in variable-time execution dependent on secret data. This\n vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean\n Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform\n electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,\n but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using\n multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling\n multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest\n threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the\n HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP\n headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\n could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and\n IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application\n is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this\n attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to\n 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on\n an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely\n lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak\n between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a\n malicious FTP server. (CVE-2020-1934)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which\n leaked partial information about the nonce used during signature generation. Given an electro-magnetic\n trace of a few signature generations, the private key could have been computed. This vulnerability affects\n Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources\n that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1\n allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client\n because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.19.0.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb66440b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17006\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5482\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.19.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.19.0.5 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.19.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.19.0.5 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T08:35:28", "description": "The version of AOS installed on the remote host is prior to 5.19.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2017-15715", "CVE-2017-18190", "CVE-2017-18551", "CVE-2018-10896", "CVE-2018-1283", "CVE-2018-1303", "CVE-2018-20836", "CVE-2018-20843", "CVE-2019-10098", "CVE-2019-1010305", "CVE-2019-11068", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12450", "CVE-2019-12614", "CVE-2019-12749", "CVE-2019-14822", "CVE-2019-14866", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-16994", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-17498", "CVE-2019-18197", "CVE-2019-18282", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19126", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20386", "CVE-2019-20388", "CVE-2019-20636", "CVE-2019-20811", "CVE-2019-20907", "CVE-2019-2974", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-5482", "CVE-2019-8675", "CVE-2019-8696", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13943", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14385", "CVE-2020-14422", "CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-1749", "CVE-2020-17527", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1971", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25643", "CVE-2020-2574", "CVE-2020-2732", "CVE-2020-2752", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8631", "CVE-2020-8632", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383", "CVE-2021-3156"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_19_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164584", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164584);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-12652\",\n \"CVE-2017-15715\",\n \"CVE-2017-18190\",\n \"CVE-2017-18551\",\n \"CVE-2018-1283\",\n \"CVE-2018-1303\",\n \"CVE-2018-10896\",\n \"CVE-2018-20836\",\n \"CVE-2018-20843\",\n \"CVE-2019-2974\",\n \"CVE-2019-5094\",\n \"CVE-2019-5188\",\n \"CVE-2019-5482\",\n \"CVE-2019-8675\",\n \"CVE-2019-8696\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-10098\",\n \"CVE-2019-11068\",\n \"CVE-2019-11719\",\n \"CVE-2019-11727\",\n \"CVE-2019-11756\",\n \"CVE-2019-12450\",\n \"CVE-2019-12614\",\n \"CVE-2019-12749\",\n \"CVE-2019-14822\",\n \"CVE-2019-14866\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15903\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16935\",\n \"CVE-2019-16994\",\n \"CVE-2019-17006\",\n \"CVE-2019-17023\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-17498\",\n \"CVE-2019-18197\",\n \"CVE-2019-18282\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19126\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-19956\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20386\",\n \"CVE-2019-20388\",\n \"CVE-2019-20636\",\n \"CVE-2019-20811\",\n \"CVE-2019-20907\",\n \"CVE-2019-1010305\",\n \"CVE-2020-1749\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\",\n \"CVE-2020-1971\",\n \"CVE-2020-2574\",\n \"CVE-2020-2732\",\n \"CVE-2020-2752\",\n \"CVE-2020-2780\",\n \"CVE-2020-2812\",\n \"CVE-2020-6829\",\n \"CVE-2020-7595\",\n \"CVE-2020-8177\",\n \"CVE-2020-8492\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\",\n \"CVE-2020-8631\",\n \"CVE-2020-8632\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10769\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12243\",\n \"CVE-2020-12400\",\n \"CVE-2020-12401\",\n \"CVE-2020-12402\",\n \"CVE-2020-12403\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-13943\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14385\",\n \"CVE-2020-14422\",\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\",\n \"CVE-2020-15862\",\n \"CVE-2020-15999\",\n \"CVE-2020-17527\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25643\",\n \"CVE-2021-3156\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.19.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.19.1 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline\n character in a malicious filename, rather than matching only the end of the filename. This could be\n exploited in environments where uploads of some files are are externally blocked, but only by matching the\n trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows\n remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in\n conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither\n the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI\n applications (SessionEnv on, not the default), a remote user may influence their content by using a\n Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data\n to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per\n CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30\n due to an out of bound read while preparing data to be cached in shared memory. It could be used as a\n Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk\n since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons\n could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be\n usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the\n request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component\n is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the\n victim must open a specially crafted chm file. The fixed version is: after commit\n 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and\n xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a\n crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger\n an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information\n disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign\n CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in\n CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This\n vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited\n to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical\n Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of\n symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only\n affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own\n home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to\n read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a\n cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent\n client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and\n send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A\n local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical\n interface, change the input method engine, or modify other input related configurations of the victim\n user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may\n contain files with permissions the attacker did not have or in paths he did not have access to. Extracting\n those archives from a high-privilege user without carefully reviewing them may lead to the compromise of\n the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to\n document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary\n JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when\n register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka\n CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length\n checks. In cases where the application calling the library did not perform a sanity check on the inputs it\n could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting\n in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming\n Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow\n in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent\n memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of\n service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds\n check could fail and memory outside a buffer could be written to, or uninitialized data could be\n disclosed. (CVE-2019-18197)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on\n a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value\n remains the same starting from boot time, and can be inferred by an attacker. This affects\n net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of\n this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or\n dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the\n LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition,\n allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass\n ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code\n refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The\n timeri variable was originally intended to be for a newly created timer instance, but was used for a\n different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has\n some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will\n cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the\n udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an\n infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A\n specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave\n 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a\n privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS\n client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause\n a kernel panic. The highest threat from this vulnerability is to data confidentiality and system\n availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant\n time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80\n and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar\n multiplication was removed, resulting in variable-time execution dependent on secret data. This\n vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean\n Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform\n electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,\n but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using\n multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling\n multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest\n threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the\n HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP\n headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\n could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and\n IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application\n is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this\n attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to\n 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on\n an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely\n lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak\n between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a\n malicious FTP server. (CVE-2020-1934)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which\n leaked partial information about the nonce used during signature generation. Given an electro-magnetic\n trace of a few signature generations, the private key could have been computed. This vulnerability affects\n Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources\n that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1\n allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client\n because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.19.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6af7891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17006\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5482\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.19.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.19.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T02:43:21", "description": "The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2017-15715", "CVE-2017-18190", "CVE-2017-18551", "CVE-2018-10896", "CVE-2018-1283", "CVE-2018-1303", "CVE-2018-20836", "CVE-2018-20843", "CVE-2019-10098", "CVE-2019-1010305", "CVE-2019-11068", "CVE-2019-11719", "CVE-2019-11727", "CVE-2019-11756", "CVE-2019-12450", "CVE-2019-12614", "CVE-2019-12749", "CVE-2019-14822", "CVE-2019-14866", "CVE-2019-15217", "CVE-2019-15807", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-16994", "CVE-2019-17006", "CVE-2019-17023", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-17498", "CVE-2019-18197", "CVE-2019-18282", "CVE-2019-18808", "CVE-2019-19046", "CVE-2019-19055", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19126", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19530", "CVE-2019-19534", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19807", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20095", "CVE-2019-20386", "CVE-2019-20388", "CVE-2019-20636", "CVE-2019-20811", "CVE-2019-20907", "CVE-2019-2974", "CVE-2019-5094", "CVE-2019-5188", "CVE-2019-5482", "CVE-2019-8675", "CVE-2019-8696", "CVE-2019-9454", "CVE-2019-9458", "CVE-2020-10690", "CVE-2020-10732", "CVE-2020-10742", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-12243", "CVE-2020-12400", "CVE-2020-12401", "CVE-2020-12402", "CVE-2020-12403", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13943", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14385", "CVE-2020-14422", "CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-1749", "CVE-2020-17527", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1971", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-25643", "CVE-2020-2574", "CVE-2020-2732", "CVE-2020-2752", "CVE-2020-2780", "CVE-2020-2812", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8631", "CVE-2020-8632", "CVE-2020-8647", "CVE-2020-8649", "CVE-2020-9383", "CVE-2021-3156"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_15_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164599", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164599);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-12652\",\n \"CVE-2017-15715\",\n \"CVE-2017-18190\",\n \"CVE-2017-18551\",\n \"CVE-2018-1283\",\n \"CVE-2018-1303\",\n \"CVE-2018-10896\",\n \"CVE-2018-20836\",\n \"CVE-2018-20843\",\n \"CVE-2019-2974\",\n \"CVE-2019-5094\",\n \"CVE-2019-5188\",\n \"CVE-2019-5482\",\n \"CVE-2019-8675\",\n \"CVE-2019-8696\",\n \"CVE-2019-9454\",\n \"CVE-2019-9458\",\n \"CVE-2019-10098\",\n \"CVE-2019-11068\",\n \"CVE-2019-11719\",\n \"CVE-2019-11727\",\n \"CVE-2019-11756\",\n \"CVE-2019-12450\",\n \"CVE-2019-12614\",\n \"CVE-2019-12749\",\n \"CVE-2019-14822\",\n \"CVE-2019-14866\",\n \"CVE-2019-15217\",\n \"CVE-2019-15807\",\n \"CVE-2019-15903\",\n \"CVE-2019-15917\",\n \"CVE-2019-16231\",\n \"CVE-2019-16233\",\n \"CVE-2019-16935\",\n \"CVE-2019-16994\",\n \"CVE-2019-17006\",\n \"CVE-2019-17023\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-17498\",\n \"CVE-2019-18197\",\n \"CVE-2019-18282\",\n \"CVE-2019-18808\",\n \"CVE-2019-19046\",\n \"CVE-2019-19055\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19062\",\n \"CVE-2019-19063\",\n \"CVE-2019-19126\",\n \"CVE-2019-19332\",\n \"CVE-2019-19447\",\n \"CVE-2019-19523\",\n \"CVE-2019-19524\",\n \"CVE-2019-19530\",\n \"CVE-2019-19534\",\n \"CVE-2019-19537\",\n \"CVE-2019-19767\",\n \"CVE-2019-19807\",\n \"CVE-2019-19956\",\n \"CVE-2019-20054\",\n \"CVE-2019-20095\",\n \"CVE-2019-20386\",\n \"CVE-2019-20388\",\n \"CVE-2019-20636\",\n \"CVE-2019-20811\",\n \"CVE-2019-20907\",\n \"CVE-2019-1010305\",\n \"CVE-2020-1749\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\",\n \"CVE-2020-1971\",\n \"CVE-2020-2574\",\n \"CVE-2020-2732\",\n \"CVE-2020-2752\",\n \"CVE-2020-2780\",\n \"CVE-2020-2812\",\n \"CVE-2020-6829\",\n \"CVE-2020-7595\",\n \"CVE-2020-8177\",\n \"CVE-2020-8492\",\n \"CVE-2020-8622\",\n \"CVE-2020-8623\",\n \"CVE-2020-8624\",\n \"CVE-2020-8631\",\n \"CVE-2020-8632\",\n \"CVE-2020-8647\",\n \"CVE-2020-8649\",\n \"CVE-2020-9383\",\n \"CVE-2020-10690\",\n \"CVE-2020-10732\",\n \"CVE-2020-10742\",\n \"CVE-2020-10751\",\n \"CVE-2020-10769\",\n \"CVE-2020-10942\",\n \"CVE-2020-11565\",\n \"CVE-2020-12243\",\n \"CVE-2020-12400\",\n \"CVE-2020-12401\",\n \"CVE-2020-12402\",\n \"CVE-2020-12403\",\n \"CVE-2020-12770\",\n \"CVE-2020-12826\",\n \"CVE-2020-13943\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14385\",\n \"CVE-2020-14422\",\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\",\n \"CVE-2020-15862\",\n \"CVE-2020-15999\",\n \"CVE-2020-17527\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-25643\",\n \"CVE-2021-3156\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory.\n\n - libpng before 1.6.32 does not properly check the length of chunks against the user limit. (CVE-2017-12652)\n\n - In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline\n character in a malicious filename, rather than matching only the end of the filename. This could be\n exploited in environments where uploads of some files are are externally blocked, but only by matching the\n trailing portion of the filename. (CVE-2017-15715)\n\n - A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows\n remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in\n conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither\n the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).\n (CVE-2017-18190)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an\n out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI\n applications (SessionEnv on, not the default), a remote user may influence their content by using a\n Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data\n to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per\n CGI specifications. (CVE-2018-1283)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30\n due to an out of bound read while preparing data to be cached in shared memory. It could be used as a\n Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk\n since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.\n (CVE-2018-1303)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons\n could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be\n usable for denial-of-service attacks). (CVE-2018-20843)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the\n request URL. (CVE-2019-10098)\n\n - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component\n is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the\n victim must open a specially crafted chm file. The fixed version is: after commit\n 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. (CVE-2019-1010305)\n\n - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and\n xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a\n crafted URL that is not actually invalid and is subsequently loaded. (CVE-2019-11068)\n\n - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger\n an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information\n disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.\n (CVE-2019-11719)\n\n - A vulnerability exists where it possible to force Network Security Services (NSS) to sign\n CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in\n CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This\n vulnerability affects Firefox < 68. (CVE-2019-11727)\n\n - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited\n to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)\n\n - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file\n permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical\n Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of\n symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only\n affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own\n home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to\n read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a\n cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent\n client connection came from an attacker-chosen uid, allowing authentication bypass. (CVE-2019-12749)\n\n - A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and\n send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A\n local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical\n interface, change the input method engine, or modify other input related configurations of the victim\n user. (CVE-2019-14822)\n\n - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives.\n When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may\n contain files with permissions the attacker did not have or in paths he did not have access to. Extracting\n those archives from a high-privilege user without carefully reviewing them may lead to the compromise of\n the system. (CVE-2019-14866)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to\n document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read. (CVE-2019-15903)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16231)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference. (CVE-2019-16233)\n\n - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary\n JavaScript can be delivered to clients that visit the http URL for this server. (CVE-2019-16935)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when\n register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka\n CID-07f12b26e21a. (CVE-2019-16994)\n\n - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length\n checks. In cases where the application calling the library did not perform a sanity check on the inputs it\n could result in a crash due to a buffer overflow. (CVE-2019-17006)\n\n - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting\n in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming\n Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow\n in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent\n memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of\n service condition on the client system when a user connects to the server. (CVE-2019-17498)\n\n - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain\n circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds\n check could fail and memory outside a buffer could be written to, or uninitialized data could be\n disclosed. (CVE-2019-18197)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on\n a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value\n remains the same starting from boot time, and can be inferred by an attacker. This affects\n net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of\n this because an attacker cannot realistically control this failure at probe time. (CVE-2019-19046)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c\n in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by\n triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of\n this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n alloc_page() failures, aka CID-b4b814fec1a5. (CVE-2019-19058)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or\n dma_alloc_coherent() failures, aka CID-0f4f199443fa. (CVE-2019-19059)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the\n LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition,\n allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass\n ASLR for a setuid program. (CVE-2019-19126)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)\n\n - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)\n\n - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB\n device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB\n device in the USB character device driver layer, aka CID-303911cfc5b9. This affects\n drivers/usb/core/file.c. (CVE-2019-19537)\n\n - The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors\n in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka\n CID-4ea99936a163. (CVE-2019-19767)\n\n - In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code\n refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The\n timeri variable was originally intended to be for a newly created timer instance, but was used for a\n different purpose after refactoring. (CVE-2019-19807)\n\n - xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to\n newDoc->oldNs. (CVE-2019-19956)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has\n some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will\n cause a memory leak and denial of service. (CVE-2019-20095)\n\n - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the\n udevadm trigger command, a memory leak may occur. (CVE-2019-20386)\n\n - xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.\n (CVE-2019-20388)\n\n - In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode\n table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. (CVE-2019-20636)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an\n infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (CVE-2019-20907)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2974)\n\n - An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A\n specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5094)\n\n - A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4.\n A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code\n execution. An attacker can corrupt a partition to trigger this vulnerability. (CVE-2019-5188)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. (CVE-2019-5482)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave\n 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a\n privileged network position may be able to execute arbitrary code. (CVE-2019-8675, CVE-2019-8696)\n\n - In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9454)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation. (CVE-2019-9458)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device\n file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed,\n it can cause an exploitable condition as the process wakes up to terminate and clean all attached files.\n The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the\n inode. (CVE-2020-10690)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an\n attacker with a local account to crash a trivial program and exfiltrate private kernel data.\n (CVE-2020-10732)\n\n - A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS\n client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause\n a kernel panic. The highest threat from this vulnerability is to data confidentiality and system\n availability. (CVE-2020-10742)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel stack corruption via crafted system calls.\n (CVE-2020-10942)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c\n has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing,\n aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability\n because the issue is a bug in parsing mount options which can only be specified by a privileged user, so\n triggering the bug does not grant any powers not already held.. (CVE-2020-11565)\n\n - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can\n result in denial of service (daemon crash). (CVE-2020-12243)\n\n - When converting coordinates from projective to affine, the modular inversion was not performed in constant\n time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80\n and Firefox for Android < 80. (CVE-2020-12400)\n\n - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar\n multiplication was removed, resulting in variable-time execution dependent on secret data. This\n vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)\n\n - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean\n Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform\n electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.\n *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,\n but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)\n\n - A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using\n multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling\n multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest\n threat from this vulnerability is to confidentiality and system availability. (CVE-2020-12403)\n\n - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a\n certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)\n\n - A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.\n Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a\n do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in\n a different security domain. Exploitation limitations include the amount of elapsed time before an integer\n overflow occurs, and the lack of scenarios where signals to a parent process present a substantial\n operational threat. (CVE-2020-12826)\n\n - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to\n 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the\n HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP\n headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This\n could lead to users seeing responses for unexpected resources. (CVE-2020-13943)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and\n IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application\n is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this\n attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12;\n v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.\n (CVE-2020-14422)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to\n 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on\n an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely\n lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak\n between requests. (CVE-2020-17527)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a\n malicious FTP server. (CVE-2020-1934)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2574)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest\n when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability\n allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Client. (CVE-2020-2752)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2780)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2020-2812)\n\n - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which\n leaked partial information about the nonce used during signature generation. Given an electro-magnetic\n trace of a few signature generations, the private key could have been computed. This vulnerability affects\n Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)\n\n - xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file\n situation. (CVE-2020-7595)\n\n - curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources\n that can lead too overwriting a local file when the -J flag is used. (CVE-2020-8177)\n\n - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1\n allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client\n because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)\n\n - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating\n the server receiving the TSIG-signed request, could send a truncated response to that request, triggering\n an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to\n correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and\n message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n (CVE-2020-8622)\n\n - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the\n BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted\n query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with\n --enable-native-pkcs11 * be signing one or more zones with an RSA key * be able to receive queries from\n a possible attacker (CVE-2020-8623)\n\n - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also\n affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An\n attacker who has been granted privileges to change a specific subset of the zone's content could abuse\n these unintended additional privileges to update other contents of the zone. (CVE-2020-8624)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in\n drivers/tty/vt/vt.c. (CVE-2020-8647)\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region\n function in drivers/video/console/vgacon.c. (CVE-2020-8649)\n\n - An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to\n a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it,\n aka CID-2e90ca68b0d2. (CVE-2020-9383)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.15.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d45c0ac\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17006\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-5482\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.15.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.15.5 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.15.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.15.5 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-09T21:01:45", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for libxml2 fixes the following issues:\n\n - CVE-2019-19956: Reverted the upstream fix for this memory leak because\n it introduced other, more severe vulnerabilities (bsc#1172021).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-781=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-08T00:00:00", "type": "suse", "title": "Security update for libxml2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-06-08T00:00:00", "id": "OPENSUSE-SU-2020:0781-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQPKJALN5664H5AAEJXKAEHG3AP5Y6RH/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-10T08:11:05", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for libxml2 fixes the following issues:\n\n - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n - CVE-2019-19956: Fixed a memory leak (bsc#1159928).\n - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-681=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-23T00:00:00", "type": "suse", "title": "Security update for libxml2 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2020-05-23T00:00:00", "id": "OPENSUSE-SU-2020:0681-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/75OUBX7RPPAARGW2FKOWVC52NVIH42S5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:43:49", "description": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-24T16:15:00", "type": "cve", "title": "CVE-2019-19956", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:netapp:active_iq_unified_manager:-", "cpe:/a:netapp:clustered_data_ontap_antivirus_connector:-", "cpe:/a:oracle:real_user_experience_insight:13.3.1.0", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:netapp:manageability_software_development_kit:-", "cpe:/a:netapp:clustered_data_ontap:-", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-"], "id": "CVE-2019-19956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19956", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-04T22:47:21", "type": "mageia", "title": "Updated libxml2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-07-04T22:47:21", "id": "MGASA-2020-0271", "href": "https://advisories.mageia.org/MGASA-2020-0271.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-05T15:37:51", "type": "mageia", "title": "Updated libxml2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2020-01-05T15:37:51", "id": "MGASA-2020-0020", "href": "https://advisories.mageia.org/MGASA-2020-0020.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T11:36:40", "description": "Package : libxml2\nVersion : 2.9.1+dfsg1-5+deb8u8\nCVE ID : CVE-2019-19956\n\nIt was discovered that there was a potential denial of service\nvulnerability in libxml2, the GNOME XML parsing library.\n\nFor Debian 8 &quot;Jessie&quot;, this issue has been fixed in libxml2 version\n2.9.1+dfsg1-5+deb8u8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- -- \n ,&#x27;&#x27;`.\n : :&#x27; : Chris Lamb\n `. `&#x27;` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-28T17:59:43", "type": "debian", "title": "[SECURITY] [DLA 2048-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2019-12-28T17:59:43", "id": "DEBIAN:DLA-2048-1:4AFA1", "href": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-01T03:03:39", "description": "Package : libxml2\nVersion : 2.9.1+dfsg1-5+deb8u8\nCVE ID : CVE-2019-19956\n\nIt was discovered that there was a potential denial of service\nvulnerability in libxml2, the GNOME XML parsing library.\n\nFor Debian 8 &quot;Jessie&quot;, this issue has been fixed in libxml2 version\n2.9.1+dfsg1-5+deb8u8.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- -- \n ,&#x27;&#x27;`.\n : :&#x27; : Chris Lamb\n `. `&#x27;` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-28T17:59:43", "type": "debian", "title": "[SECURITY] [DLA 2048-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2019-12-28T17:59:43", "id": "DEBIAN:DLA-2048-1:4A4BD", "href": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T11:01:23", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2369-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVersion : 2.9.4+dfsg1-2.2+deb9u3\nCVE ID : CVE-2017-8872 CVE-2017-18258 CVE-2018-14404\n CVE-2018-14567 CVE-2019-19956 CVE-2019-20388\n CVE-2020-7595 CVE-2020-24977\nDebian Bug : 895245 862450 949583 969529 949582\n\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\n Global buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\n The xz_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n\nCVE-2018-14404\n\n A NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\n If the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\n The xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc-&gt;oldNs.\n\nCVE-2019-20388\n\n A memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\n Infinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n\nCVE-2020-24977\n\n Out-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2020-09-09T22:41:50", "type": "debian", "title": "[SECURITY] [DLA 2369-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2020-09-09T22:41:50", "id": "DEBIAN:DLA-2369-1:46D38", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-01-23T03:57:52", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2369-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nSeptember 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVersion : 2.9.4+dfsg1-2.2+deb9u3\nCVE ID : CVE-2017-8872 CVE-2017-18258 CVE-2018-14404\n CVE-2018-14567 CVE-2019-19956 CVE-2019-20388\n CVE-2020-7595 CVE-2020-24977\nDebian Bug : 895245 862450 949583 969529 949582\n\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\nCVE-2017-8872\n\n Global buffer-overflow in the htmlParseTryOrFinish function.\n\nCVE-2017-18258\n\n The xz_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n\nCVE-2018-14404\n\n A NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n\nCVE-2018-14567\n\n If the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n\nCVE-2019-19956\n\n The xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc-&gt;oldNs.\n\nCVE-2019-20388\n\n A memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n\nCVE-2020-7595\n\n Infinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n\nCVE-2020-24977\n\n Out-of-bounds read restricted to xmllint --htmlout.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libxml2\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2020-09-09T22:41:50", "type": "debian", "title": "[SECURITY] [DLA 2369-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18258", "CVE-2017-8872", "CVE-2018-14404", "CVE-2018-14567", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-24977", "CVE-2020-7595"], "modified": "2020-09-09T22:41:50", "id": "DEBIAN:DLA-2369-1:E14AE", "href": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:27:21", "description": "libxml2.so is vulnerable to denial of service (DoS). The attack is possible due to a lack of proper memory handing in the function `xmlParseBalancedChunkMemoryRecover` in `parser.c`, leading to an application crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-21T03:40:01", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2021-04-15T23:23:55", "id": "VERACODE:22327", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22327/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:18:44", "description": "\nIt was discovered that there was potential denial of service\nvulnerability in libxml2, the Gnome XML parsing library.\n\n\n* [CVE-2019-19956](https://security-tracker.debian.org/tracker/CVE-2019-19956)\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.9.1+dfsg1-5+deb8u8.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-28T00:00:00", "type": "osv", "title": "libxml2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956"], "modified": "2022-08-05T05:18:39", "id": "OSV:DLA-2048-1", "href": "https://osv.dev/vulnerability/DLA-2048-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:18:56", "description": "\nSeveral security vulnerabilities were corrected in libxml2, the GNOME\nXML library.\n\n\n* [CVE-2017-8872](https://security-tracker.debian.org/tracker/CVE-2017-8872)\nGlobal buffer-overflow in the htmlParseTryOrFinish function.\n* [CVE-2017-18258](https://security-tracker.debian.org/tracker/CVE-2017-18258)\nThe xz\\_head function in libxml2 allows remote attackers to cause a\n denial of service (memory consumption) via a crafted LZMA file,\n because the decoder functionality does not restrict memory usage to\n what is required for a legitimate file.\n* [CVE-2018-14404](https://security-tracker.debian.org/tracker/CVE-2018-14404)\nA NULL pointer dereference vulnerability exists in the\n xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an\n invalid XPath expression in the XPATH\\_OP\\_AND or XPATH\\_OP\\_OR case.\n Applications processing untrusted XSL format inputs may be\n vulnerable to a denial of service attack.\n* [CVE-2018-14567](https://security-tracker.debian.org/tracker/CVE-2018-14567)\nIf the option --with-lzma is used, allows remote attackers to cause\n a denial of service (infinite loop) via a crafted XML file.\n* [CVE-2019-19956](https://security-tracker.debian.org/tracker/CVE-2019-19956)\nThe xmlParseBalancedChunkMemoryRecover function has a memory leak\n related to newDoc->oldNs.\n* [CVE-2019-20388](https://security-tracker.debian.org/tracker/CVE-2019-20388)\nA memory leak was found in the xmlSchemaValidateStream function of\n libxml2. Applications that use this library may be vulnerable to\n memory not being freed leading to a denial of service.\n* [CVE-2020-7595](https://security-tracker.debian.org/tracker/CVE-2020-7595)\nInfinite loop in xmlStringLenDecodeEntities can cause a denial of\n service.\n* [CVE-2020-24977](https://security-tracker.debian.org/tracker/CVE-2020-24977)\nOut-of-bounds read restricted to xmllint --htmlout.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.9.4+dfsg1-2.2+deb9u3.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\n\nFor the detailed security status of libxml2 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/libxml2>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2020-09-10T00:00:00", "type": "osv", "title": "libxml2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14404", "CVE-2019-20388", "CVE-2018-14567", "CVE-2017-8872", "CVE-2020-7595", "CVE-2019-19956", "CVE-2017-18258", "CVE-2020-24977"], "modified": "2022-08-05T05:18:53", "id": "OSV:DLA-2369-1", "href": "https://osv.dev/vulnerability/DLA-2369-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ics": [{"lastseen": "2023-03-31T17:30:12", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION: **Exploitable remotely/low attack complexity\n * **Vendor:** Siemens\n * **Equipment:** SINEMA Remote Connect Server\n * **Vulnerabilities:** Missing Release of Resource after Effective Lifetime, Infinite Loop\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to cause a memory leak or an infinite loop situation resulting in a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n * SINEMA Remote Connect Server: All versions prior to v3.0\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [MISSING RELEASE OF RESOURCE AFTER EFFECTIVE LIFETIME CWE-772](<https://cwe.mitre.org/data/definitions/772.html>)\n\nThe affected product is vulnerable to a memory leak, which may allow an attacker to cause a denial-of-service condition.\n\n[CVE-2019-19956](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19956>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.2 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)\n\nThe affected product is vulnerable to an infinite loop, which may allow an attacker to cause a denial-of-service condition.\n\n[CVE-2020-7595](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7595>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nSiemens recommends applying updates where applicable:\n\n * SINEMA Remote Connect Server: [Update to v3.0](<https://support.industry.siemens.com/cs/ww/en/view/109793790>)\n\nAs a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to [Siemens operational guidelines for Industrial Security](<https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf>) and following the recommendations in the product manuals.\n\nFor additional information, please refer to Siemens Security Advisory [SSA-292794](<https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n### Vendor\n\nSiemens\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T12:00:00", "type": "ics", "title": "Siemens SINEMA Remote Connect Server", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2021-04-13T12:00:00", "id": "ICSA-21-103-08", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-08", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:40:56", "description": "## Releases\n\n * Ubuntu 19.10 \n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * libxml2 \\- GNOME XML library\n\nIt was discovered that libxml2 incorrectly handled certain XML files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2019-19956, CVE-2020-7595)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-10T00:00:00", "type": "ubuntu", "title": "libxml2 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-10T00:00:00", "id": "USN-4274-1", "href": "https://ubuntu.com/security/notices/USN-4274-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:40:29", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)\n\nCVEs contained in this USN include: CVE-2019-19956, CVE-2020-7595.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.163.0\n * Xenial Stemcells \n * 621.x versions prior to 621.57\n * 456.x versions prior to 456.98\n * 315.x versions prior to 315.169\n * 250.x versions prior to 250.183\n * 170.x versions prior to 170.203\n * 97.x versions prior to 97.232\n * All other stemcells not listed.\n * CF Deployment \n * * All versions prior to v12.33.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3\n * * * Upgrade All versions to 0.163.0 or greater\n * Xenial Stemcells \n * Upgrade 621.x versions to 621.57 or greater\n * Upgrade 456.x versions to 456.98 or greater\n * Upgrade 315.x versions to 315.169 or greater\n * Upgrade 250.x versions to 250.183 or greater\n * Upgrade 170.x versions to 170.203 or greater\n * Upgrade 97.x versions to 97.232 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to v12.33.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4274-1/>)\n * [CVE-2019-19956](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956>)\n * [CVE-2020-7595](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595>)\n\n## History\n\n2020-02-10: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-20T00:00:00", "type": "cloudfoundry", "title": "USN-4274-1: libxml2 vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2020-7595"], "modified": "2020-02-20T00:00:00", "id": "CFOUNDRY:853E5589D5EE11B72526D65C16FA38B8", "href": "https://www.cloudfoundry.org/blog/usn-4274-1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-27T21:45:16", "description": "## Summary\n\nThe following vulnerabilities in Libxml2 have been addressed by IBM Flex System Chassis Management Module (CMM).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-7595](<https://vulners.com/cve/CVE-2020-7595>) \n** DESCRIPTION: **The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175333](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175333>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-20388](<https://vulners.com/cve/CVE-2019-20388>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-19956](<https://vulners.com/cve/CVE-2019-19956>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Flex System Chassis Management Module (CMM)| 2PET \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nAffected Product(s)| Version(s) \n---|--- \n \nIBM Flex System Chassis Management Module (CMM)\n\n(ibm_fw_cmm_2pet22a-2.5.20a_anyos_noarch)\n\n| 2pet22a-2.5.20a \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-15T16:27:07", "type": "ibm", "title": "Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Libxml2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19956", "CVE-2019-20388", "CVE-2020-7595"], "modified": "2021-03-15T16:27:07", "id": "B2EB1B0A78976B31AE7FEB79078A0F8E1A1DC8FD8366FABA05AEA647813A50A2", "href": "https://www.ibm.com/support/pages/node/6430225", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-27T21:47:25", "description": "## Summary\n\nIBM MQ Appliance has resolved libxml2 vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-19956](<https://vulners.com/cve/CVE-2019-19956>) \n**DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173518>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-20388](<https://vulners.com/cve/CVE-2019-20388>) \n**DESCRIPTION: **GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by an xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175539](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175539>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-7595](<https://vulners.com/cve/CVE-2020-7595>) \n**DESCRIPTION: **The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175333](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175333>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ Appliance | 9.1 LTS \nIBM MQ Appliance | 9.2 LTS \nIBM MQ Appliance | 9.1 CD \n \n## Remediation/Fixes\n\n**IBM MQ Appliance 9.1 LTS**\n\nApply [fixpack 9.1.0.7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+MQ+Appliance+M2000&function=fixId&fixids=9.1.0.7-IBM-MQ-Appliance-U0000+&includeSupersedes=1> \"fixpack 9.1.0.7\" ), or later maintenance.\n\n**IBM MQ Appliance 9.1 CD**\n\nUpgrade to [9.2.1 CD](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=